Re: Utah’s Medical Privacy Breach – Nearing 1 Million!

The Utah Dept of Health didn’t protect close to one million patients’ sensitive health data. Utah handles health information the way 80% of the US healthcare sector does: very poorly. Weak passwords and unencrypted health information are typical. Just last November, an SAIC/Tricare data breach of 4.9 million unencrypted records was reported.

The US healthcare industry has ignored federal law requiring encryption since 2005. Encryption is well-known to be the standard for protecting health data. But why do it if there is no enforcement and the cost of a fine or settlement is so low?

Instead of expanding electronic health records systems and exchanging millions more sensitive health records, the federal government should enforce the law and require the massive security flaws in existing health data systems be fixed. And whenever there are breaches, victims should have the technology tools to verify whether future claims are genuine to prevent medical ID theft and someone else’s record from receive credit monitoring for at least 3 years.

Learn more about the lack of health data privacy and security. Register to attend or watch the 2nd International Summit on the Future of Health Privacy, “Is there an American Health Privacy Crisis” on live streaming video at: http://www.healthprivacysummit.org

Physician’s computers were stolen

See the full story from MySanAntonio.com: “Physician’s computers were stolen

“Five computers containing medical and personal information of more than 3,000 patients were stolen from a Stone Oak physician’s office in October.

Dr. Sudhir Gogu of the Stone Oak Urgent Care & Family Practice said the computers were stolen after an office door had been pried open sometime during the weekend of Oct. 22-23, according to the police report.

A San Antonio Police Department spokesman said in an email Wednesday that the computers have not been recovered and there have been no arrests…

…Dr. Deborah Peel, founder and chairman of Patient Privacy Rights, an organization focused on putting people in control of their electronic health information, called medical identity theft a dangerous crime.

“It typically costs the average victim at least $20,000, and health plans typically increase your premiums … or may even cancel your coverage,” Peel said.

Peel criticized the health industry for failing to taken data protection seriously.

“It’s estimated that 80 percent of hospitals don’t encrypt data,” she said. “Can you imagine if your banks didn’t encrypt and keep your financial information secure? We wouldn’t even let them be banks.””