Leaders in Congress Call Out TRICARE & SAIC

We congratulate the leaders in Congress, Reps Markey, Barton, DeGette, Stearns, and Andrews for calling TRICARE and SAIC on the carpet for not securing military families’ sensitive health data. See the letter here.

We hope this letter leads to Congressional oversight hearings into the industry-wide culture of disregard for the privacy of military personnel’s and all Americans’ sensitive electronic health information. The worst serial corporate abusers should be penalized and prevented from getting federal contracts. We need Congress to get to the roots of the industry-wide disregard for health privacy FAST, before millions more people are harmed, not just by medical identity theft, but by the use of health information to discriminate against them in employment, credit, and other key opportunities in life. Once health records are exposed, they can never be made private again.

It is well-known in the healthcare industry and by privacy advocates that about 80% of healthcare providers and the health IT corporations that manage health information have ignored federal laws requiring encryption and data security protection for years. Obviously, head-in-the-sand approaches to data security simply don’t make sense. Clearly it’s cheaper and easier for corporations to ignore the law and common sense than it is to protect our most sensitive personal information, from diagnoses to DNA.

The fact that SAIC has continued to get billions in funds from the federal government despite repeated breaches of sensitive health information shows also that the federal process of awarding, monitoring and auditing, and assuring performance of billion-dollar contracts needs investigation.

Providers, healthcare organizations, and technology companies that do not use state-of-the-art data security for health information should not be allowed to work in the healthcare field. If you are unwilling to protect patient data, you don’t belong in healthcare.

We also strongly support the proposal to make sure that victims of health data breaches receive effective state-of-the-art remediation. Victims should be able to use new technology that enables them to monitor all health insurance claims before they are submitted, so they can prevent the fraud and prevent other people’s health data from being added to their health records.

House to Defense Top Doc: What’s Up With TRICARE Theft?

Four members of the House Energy and Commerce Committee and one member of the House Armed Services Committee want some answers from Dr. Jonathan Woodson, the Pentagon’s top medical official, about how the Defense Department handled the September theft of computer tapes containing the records of 4.9 million TRICARE beneficiaries from the car of an SAIC employee in San Antonio, Texas. Woodson is the assistant secretary of Defense for health affairs and director of the TRICARE Management Activity, which was responsible for the data.

Woodson has been mum on this debacle since it unfolded, and in fact gave a speech in San Antonio the week after the theft was reported and, as far as I can determine, never addressed the issue…

…Last month, TRICARE directed SAIC to offer credit monitoring services to patients whose information was stored on the stolen tapes. Dr. Deborah Peel, founder of Patient Privacy Rights, an advocacy group based in Austin, Texas, says this does nothing to insure the safety of health care information on those tapes.

Peel, who sent me the Congressional letter to Woodson, said those patients should also be provided with new technology that allows them to monitor all health insurance claims before they are submitted, so they can prevent fraud as well as other people’s health data from being added to their health records.

See Patient Privacy Rights’ Press Release