Wednesday, July 30, 2008

Two News Items That Tie Together

So I have been looking at this Harris Poll Report that states "4% or an estimated 9M American adults believe that they or a family member have had confidential personal medical information either lost or stolen", and trying to figure out if I know of anyone who this has happened to and if this is a low or high number.

The second round of figures: "about 7 in 10 (69%) of adults have either read or heard about medical records with personal health information being lost or stolen from doctor's offices, clinics, hospitals, health insurers, employers or government agencies".

I definitely fit into this category, and it was even further reinforced with this article in the Atlanta Journal-Constitution about BCBS of Georgia sending out "an estimated 202,000 benefits letters containing personal and health information to the wrong addresses last week." That seems like a big screw-up.

So what do people really think about privacy, health records and the advent of EHRs? I am going to pull a few quotes from each piece to make my point. HPR: when asked which medical records, computerized or paper, may be lost or stolen more often, 47% say computerized records, 16% say paper, and 23% think the two are the same.

My conclusion: Americans do not trust electronic records. Further support: of the 69% who had heard about medical records being lost or stolen, 54% believed it was from electronic records.

Recent medical "breaches" have included Wellpoint, U of Miami, NIH, the Cleveland Clinic and CVS, with over 50 breaches from healthcare providers reported to the Identity Theft Resource Center in the first 6 months of 2008. I have heard of these companies. Aren't they supposed to be the biggest and most secure in their fields?

BCBS of Georgia said the recent mix-up was caused by a change in the computer system that was not properly tested. Why would they implement a computer system without testing it, considering they are a HIPAA covered entity? Isn't there a law and governmental regulations in place to protect this data? Oh yeah, that's right, there is. Since HIPAA was fully implemented in 2003, very few fines have been assessed.

AJC: "This is very, very serious," [state Insurance Commissioner John] Oxendine said. A person with knowledge of medicine or billing, for example, could determine if the patient was treated for cancer, HIV or fertility problems, he said....

...Rhonda Bloschock, a registered nurse in Atlanta, said Monday that she discovered EOB forms from nine other patients in a large envelope she received Friday from Blue Cross. "This is a serious privacy breach," Bloschock said. Nurses and other hospital staff "jump through all sorts of hoops protecting people's privacy," she said....

...consumers have become more attuned to privacy issues, said Anne Adams, chief privacy officer for Emory Healthcare. "There is an expectation that their personal information is protected and not used inappropriately," Adams said. But with the movement toward keeping health records electronically, there's more potential for breaches to happen, Adams said.

So going back to Google Health, Microsoft Health Vault and the EMR and PHR vendors: will the American people trust their records online to these companies, GOOG and MSN not being HIPAA covered, when other companies already cannot protect this data? And when those that can protect it still have mechanical errors?
