Medical information theft is on the rise. Earlier this year, Bloomberg reported that in 2009 there were more than 275,000 cases of medical information theft—twice the number of the previous year.
And the problem is expected to get worse as more records are digitized, and as medical institutions and patients move to electronic health records, which make it easier to share and access medical information.
Unfortunately, the source of the problem is shifting.
In many medical data breaches, unencrypted information is exposed due to poor data management practices of an employee or contractor. For example, a laptop, portable hard drive or backup tape may be lost or stolen. In one case last year, 1.5 million Health Net customers’ medical records were put at risk when a hard drive went missing. Such exposures are being addressed through more widespread use of encryption.
Similarly, there have been several recent cases where paper records have been found in the trash. Again, such exposures can be eliminated by adopting better procedures such as ensuring all documents with any personal health information are shredded before being tossed.
Increasingly however, medical records are being compromised by health care employees or contractors abusing their access privileges.
For example, in recent years there have been several incidents where hospital employees spied on the records of celebrity patients. This includes dozens of employees at a New Jersey hospital looking up George Clooney’s records after a motorcycle accident in 2007, and 127 employees at a Californian hospital peeking, over a three-year period, at the records of California First Lady Maria Shriver, Farrah Fawcett, Britney Spears and others.
Beyond voyeurism, employees are also using their ability to access records to steal information. For example, earlier this year, a Florida couple was charged in a scheme where they paid an ultrasound technician $1,000 a month for the records of hundreds of patients.
As with traditional identity theft, a main driver of medical information theft is fraud. Stolen information is often used to file false claims. Last year, the average medical theft incident cost someone (the patient, health care provider or an insurance company) $12,100, according to the market research firm Javelin Strategy & Research.
Smarter Solutions Needed
Traditionally, the way to protect against internal threats has been to password-protect everything and create very refined access control lists to provide granular levels of privileges to information.
Unfortunately, such an approach has limitations. It places a great burden on the IT staffers who have to maintain the password and access control lists. Users must memorize different passwords and learn different sign-on procedures to gain access to different systems. And as new systems such as electronic patient charts or wireless mobile access to medical imaging systems are added, more lists and passwords must be created and memorized.
For these reasons, there is growing interest in tightly integrated systems that marry single sign-on (SSO) technology with strong authentication systems that use tokens or biometrics. Companies including Citrix, IBM, Imprivata, PassLogix and others have offered such solutions for health care providers for several years.

Imprivata OneSign Platform (Source: Imprivata)
The SSO aspects of these systems give people access to all systems with one log-in. The token or biometric reading reduces the need for memorizing multiple passwords. And since the token or biometric reading is unique to an individual, it is harder to steal data by using someone else’s log-in credentials. Additionally, breaches can easily be traced back to one person—the owner of the token or fingerprint.
These systems are evolving through software enhancements. In some cases, the software allows detailed forensic analysis to truly understand the actions of an employee. In other cases, the software provides the ability to quickly create reports and to more easily identify inappropriate actions that might indicate an employee is stealing data.
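As an added illustration (not part of the original article and not any vendor's product code), the following Python sketches the kind of report such software can produce once every access is attributable to one person: given an SSO-attributed audit log and a care-team roster, it flags records viewed by several staff who have no treatment relationship with the patient (the celebrity-snooping pattern) and users who pull many records they have no relationship with (the insider-harvesting pattern). All log lines, names, the roster and the thresholds are constructed for the example.

```python
from collections import defaultdict

# Constructed audit lines (not real data): timestamp, user, patient record (MRN), action.
# Each line maps to one person because the SSO login was bound to a token or fingerprint.
SAMPLE_LOG = """\
2010-03-01T08:01 dr_lee MRN1001 view
2010-03-01T08:04 nurse_kim MRN1001 view
2010-03-01T08:10 clerk_ray MRN1001 view
2010-03-01T08:11 tech_ana MRN1001 view
2010-03-01T08:12 tech_ana MRN1002 view
2010-03-01T08:13 tech_ana MRN1003 view
2010-03-01T08:14 tech_ana MRN1004 view
2010-03-01T09:00 dr_lee MRN1002 view
2010-03-01T09:30 nurse_kim MRN1003 view
"""

# Constructed treatment relationships: which staff legitimately work on which record.
CARE_TEAM = {
    "MRN1001": {"dr_lee", "nurse_kim"},
    "MRN1002": {"dr_lee", "tech_ana"},
    "MRN1003": {"nurse_kim"},
    "MRN1004": set(),
}


def parse_log(text):
    """Turn raw audit lines into (user, mrn) pairs, skipping blank or malformed lines."""
    events = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 4:
            events.append((parts[1], parts[2]))
    return events


def find_suspicious(events, care_team, record_threshold=2, user_threshold=2):
    """Return (snooped_records, harvesting_users).

    snooped_records: records viewed by >= record_threshold distinct users who are not
      on the care team (many staff peeking at one patient's chart).
    harvesting_users: users who viewed >= user_threshold distinct records they have no
      treatment relationship with (one insider pulling many patients' data).
    Thresholds are deliberately low for this tiny sample; tune them for real volumes.
    """
    outsiders_per_record = defaultdict(set)
    records_per_user = defaultdict(set)
    for user, mrn in events:
        if user not in care_team.get(mrn, set()):
            outsiders_per_record[mrn].add(user)
            records_per_user[user].add(mrn)
    snooped = sorted(m for m, u in outsiders_per_record.items() if len(u) >= record_threshold)
    harvesting = sorted(u for u, r in records_per_user.items() if len(r) >= user_threshold)
    return snooped, harvesting
```

Running `find_suspicious(parse_log(SAMPLE_LOG), CARE_TEAM)` on the sample flags MRN1001 as a snooped record and tech_ana as a harvesting user, while clerk_ray's single out-of-team view stays below the threshold.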