If you didn’t hear, lots and lots of people snooped into celebrities’ medical records in L.A. — the number of people who’ve been caught just at the UCLA Medical Center is up to 68!
Worse yet, these are electronic medical records, you know, those magical records that are supposed to help protect patients’ privacy and be more secure than their paper counterparts. Apparently this is not the case.
While I’m glad to see these professionals’ hands caught in the proverbial cookie jar, I have to wonder out loud why these patients’ electronic medical records apparently allowed any staffer to access them? I also have to point out how unconcerned the hospital at UCLA was for the violation of their patients’ privacy rights and only looked into this issue further when “prodded” (read: “threatened”) by state regulators.
This episode only goes to show you how much father we have to go before things such as an electronic medical record actually are more secure and private, and live up to their expectations.
In LA, it’s celebrities’ health records; in DC, it’s tax records; in Wisconsin, it’s utility records. Even the Wall Street Journal published a guide to spying on your friends.
At a privacy event last month, I heard Marc Rotenberg of EPIC cite a story from Ralph Nader’s “Unsafe at Any Speed,” which eventually prompted automakers to install seat belts (among other reforms). As Marc re-told it, one automobile executive testifying before Congress said he and his family do not need seat belts: He practices reaching out his right arm to brace his children (seated in the front) when he saw danger ahead! The executive urged other people to practice the same method to protect their own families. Rotenberg went on to say, “I think we’re having a similar discussion this morning. I think we do not yet understand the responsibility that properly falls on America business when it collects and uses personal information about American consumers.”
On the one hand, I’m not surprised that there’s malarkey. On the other hand, I confess that I presumed “they must have this handled.” What the heck is going on? Is this a simple matter of humans being untrustworthy, which is unsolvable through software? With thousands of hospital employees having access (necessarily), what system features exist to prevent abuse?
Pardon my busy ignorance, but is this story getting coverage all over the health blogosphere?
One BIG concern is that this could be a potent and legitimate reason for the public to resist – no, *reject* – adoption of EMR.
Here’s a starter idea: every month email me a list of everyone whose login looked at my records, and require that hospital staff respond within one week to any inquiry from the patient about why someone did.
Okay, docs, tell me – would that be feasible or is the underlying problem that there are many many legit reasons why staff might look, so there’s no way to know something unusual is happening?
That raises the question, how did these culprits get caught? What stuck out like a sore thumb?
Electronic medical records are meant to enhance the provision of medical care. In order to be most effective, such records need to describe each patient as comprehensively as possible.But, at the same time,the electronic medical records protects the privacy of patients medical records.
What protects the patients privacy?, when I have attended as a inpatient or a out patient, I’ve had to relay information on my medical history because I am being seen by a Overworked or cavalier Doctor who has never bothered to read my medical notes .