Stolen Allina Medical Records: Tip of the Iceberg
10/21/2006
St. Paul, Minnesota—Citizens’ Council on Health Care calls the news of Allina’s stolen medical records just the tip of the iceberg when it comes to the future security and privacy of patient data in electronic medical records.
Twila Brase, president of CCHC, makes the following statement,
“Electronic medical records are insecure by their very nature. Very private data on hundreds of thousands of individuals can sit in a tiny computer and be carried anywhere by car, train, plane, boat or on foot. And with one click of a mouse, that data can be sent to China or Africa or Timbuktu. And once it’s gone, it’s gone. There’s no retrieving it.
“The next time someone tries to tell the American public that computerized medical data is more secure than paper, they should just try to carry the medical records of thousands of patients out of a clinic and carry it anywhere.
“While electronic medical records may be convenient, they are not secure...and they guarantee that breaches of patient privacy and stolen identities will be an ongoing source of headline news, and personal angst.”
CCHC asks the public to consider the following six questions:
* Why is the social security number still being used by Allina for medical records?
* Will passwords really keep skilled thieves from accessing patient data on or through the laptop computers...and how will Allina know about it or prevent it?
* Have breaches of patient privacy and data security ever occurred in Minnesota health plans with them notifying the public?
* How many laptop computers with how many people’s private data does Allina, HealthPartners, Blue Cross Blue Shield, UnitedHealth Group and the State of Minnesota have running around the Twin Cities, and in whose cars?
* Why did the federal government choose to allow voluntary compliance with federal privacy and security standards rather than impose real and significant penalties?
* Why did Congress essentially strip citizens of the right to keep their private medical data from being computerized and placed online?