Can healthcare survive a digital security scare?

Last updated: 21 March 2014

I remember the time of corduroy, vinyl records, saddle shoes, and microfiche. When I think of these things now, I am thankful for Bluetooth music streaming, one-click online shopping and the MapQuest app on my phone. It makes you wonder why – in this day and age –  people’s names, social security numbers, wage information and driver’s license numbers are being sent through the US Postal Service on microfiche.

Earlier in the year my colleague Ray Wizbowski wrote a blog post highlighting the US Postal service’s attempts to promote ‘snail mail’ as a secure method of communication in the modern age. While personally I deem all unnecessary postage as environmentally irresponsible, I can’t fathom why professional data exchange in the healthcare sector is still done in this fashion.

Secure authentication is something that email service providers like Google (Gmail) and Microsoft (Hotmail, Outlook) have established their empires on. Security, speed and safety of communication are what have made administration in the public sector so successful in digital times. Google, for example, has gone to great lengths to educate people on the secure journey of an email, including crafting this flow chart to put their customary creative stamp on the issue.

Data theft is nothing new. Indeed, there are thousands of corporations who have already dealt with the fallout of lost or stolen data and hundreds of medical providers who have paid the price for breaches of their systems.

Here are just a few examples:

– On February 16th 2011, thieves robbed a van containing health records for more than 1.7 million patients, staff, vendors, and contractors of the North Bronx Healthcare Network in New York City.

– In June 2011, a Birmingham, Alabama woman was arrested for felony theft after stealing five years’ worth of medical information for thousands of patients treated at Trinity Medical Center.

– October 9th 2011 saw Stanford Hospital involved in a class action lawsuit as a result of the publication of 20,000 patients’ personal information.

– Fast-forward to April 24th this year and information on about 550 patients was stolen from the car of Oregon State Hospital’s chief of psychiatry.

There are regulations in place (HIPAA, for instance) that are intended to create an environment of trust between patients and their caretakers. And yet on April 26th 2012 the personal identifying information of approximately 700,000 people was stolen. Because it was sent through the mail. On microfiche!

Steve Mehlman, a labor union spokesman, commented that, “It’s hard for us to believe that in one of the largest states in the union, we’re using such an antiquated system”. Well, I’d like to reword that slightly. It’s hard for me to believe that with the technology and security options available in this day and age, they’re still using such an antiquated system.

There are so many secure and convenient options available for storing and transmitting sensitive data. It seems outrageous that healthcare, where technology and innovation save lives every day, would be among the last adopters of security solutions. It is time to expect more from the people that take care of us and protect us from germs and disease. It is time for healthcare providers to protect our identities and personal information with the same dedication that they devote to our well-being.