• Recommend:
• 0 Comments

Rx for Privacy: Improve Security of Medical Records

Health experts urge federal policy to restrict access to digital medical records.

By Kerry Hall, PCWorld   

WASHINGTON, D.C.--A trip to the doctor often means baring it all, but you may be exposing a lot more than you realize. That%squots the conclusion of a recent federal study that found digital medical records are vulnerable to snooping. The report led privacy experts last week to call for federal action to thwart the misuse of medical databases.

The call for federal action followed a warning last Thursday by health care experts on the National Research Council that computerized medical records are vulnerable to misuse and abuse because security is often overlooked.

The warning follows a year-plus study that the council conducted on the growing practice of telemedicine, a method of delivering medical information and images via the Internet, and medical databases. Telemedicine allows doctors to rapidly consult with experts. Using videoconferencing technology, specialists can assist local physicians or even examine patients.

The technology is particularly useful in rural areas where patients may be miles and hours from even a general-practice physician. The practice is gathering support in Congress as a way to cut health costs. For instance, Representative Ron Wyden, an Oregon Democrat, earlier this month introduced a Medicare reform measure that included provisions for providing Net access for physicians in rural areas and called for reimbursements through Medicare for physicians using telemedicine if they saved taxpayer dollars.

The Commerce Department also endorses the development of telemedicine. The federal Telecommunications Act, for instance, requires federal officials to report to Congress on the progress of federally funded telemedicine projects and the legal and economic barriers to expanding the technology.

What%squots This in Your X-ray?

However, as more records containing personal, identifying information go online, some analysts worry that privacy will be overlooked. By %dquotusing the Internet as a means to transport medical information, you encounter serious security hurdles,%dquot said Deirdre Mulligan, staff counsel with the Center for Democracy and Technology. %dquotThis, coupled with a lack of federal policy on privacy for patient records, is not an area where we should barge into without clear rules about how patient records should be handled,%dquot she said.

Currently there is no federal statute governing a patient%squots access to his or her own health records. State laws provide inconsistent protection. Mulligan argued that the federal government should require a patient%squots permission before records can be accessed. She also advocates strong penalties for violators.

Concerns over protecting computerized medical records are not new, said Jeffrey Rothfeder, a privacy expert. The study by the NRC, an arm of the National Academy of Sciences, concluded that part of the problem is a lack of strong incentives for health care facilities to upgrade security practices. Patients generally select care providers and health plans for reasons other than their ability to protect patient information, according to the study.

%dquotLegislation to regulate how the information is gathered and used has been proposed for years,%dquot Rothfeder said. %dquotPeople are always shocked and outraged that privacy can be so easily compromised. But when you come down to actually passing a law, it just doesn%squott happen.%dquot

Recommended: Encryption and Firewalls

The NRC recommended the use of encryption and said health organizations should impose controls such as passwords or electronic blocks or %dquotfirewalls%dquot to deny entry to unauthorized users. But Rothfeder said current encryption won%squott help much. %dquotMaybe if we get really powerful encryption methods, which will happen down the road.%dquot

Mulligan agreed. %dquotThere is a strong feeling that encryption is not strong enough,%dquot she said. %dquotWhat is strong enough today will likely not be strong enough tomorrow.%dquot

The Federal Trade Commission plans to study the collection, compilation, sale, and use of data from computer databases. The study will examine information consumers consider sensitive and will evaluate the risks and benefits associated with using such databases, a department spokesperson said.

%dquotWe%squotre going to have to provide people with both policy and tools to protect their privacy,%dquot Mulligan said. %dquotRight now both of those are missing.%dquot