It’s ten o’clock. Do you know where your medical records are?
Well, they may have been online, but don’t worry, it’s all been fixed…or has it?
Websites are for a time, but Google is forever. But I’m getting ahead of myself.
If you are not tech savvy, you may have missed the story.
Daily Tech reports major security leaks at a private-sector company named Verus, which led to hospital bills, including personal information such as Social Security numbers that can lead to identity theft, being accidentally placed on the internet for anyone to find.
The problem was not discovered by a hospital, the IT company itself, a government watchdog, or even a hacker. It was discovered by a lady in Edmonds, Washington, who was looking for information on a deceased friend and found her friend’s information in an online database that should have been private.
On May 22, an Edmonds woman inadvertently accessed the database while searching for information about a deceased friend. She immediately notified Stevens (Hospital), according to CEO Carter.
The leak hinted at major problems, which of course were immediately fixed, according to Verus.
But were they? In June, Concord, NH patients were notified that their private information was online.
In July, 51,000 patients from St. Vincent’s Hospital in Indianapolis discovered their data was accidentally placed online.
In August, people in Klamath Falls were told Sky Lakes Medical Center patient information had also been accidentally placed online for anyone to access.
These leaks all came from an IT company named Verus, which processed hospital information. Supposedly it allowed you to view your hospital bills online. According to Daily Tech, during the last few months it has had at least three major leaks of personal information of hospital patients, which made almost 100,000 records available to the public online. (Pogowasrightblog has more information here)
To make things worse, some of the information was picked up by Google’s cache system, which most of you who google know allows you to access stuff like news stories and reports that have since been removed from their original website.
The good news from all of this is that Verus is now officially out of business.
The bad news? It’s not just Verus that is leaking personal data.
Penn State University accidentally posted the names, ranks and serial numbers (i.e. Social Security numbers) of approximately 10,000 Marines online.
According to a report in Marine Times, the data on 10,554 Marines was “improperly posted” to an Internet server and was cached by the Google search engine. The problem was discovered when one of the affected Marines googled his own name and found the file on the Web.
The irony about all this is that we docs have been warned that a government privacy act will allow us to be fined and jailed if we tell the wrong person information about our patients…leading to horrendous stories of people being unable to find out information about their loved ones.
But if a multimillion-dollar IT company allows your hysterectomy bills to go online? I googled Verus…no federal investigation, folks. Not even a lawsuit.
Umm…isn’t this a HIPAA violation?
Although HIPAA does not specifically create any right for any individual to sue in Federal court over breaches of privacy, HIPAA violations can be grounds for state tort actions because the HIPAA regulations create a new “duty of care” with respect to the protection of the confidentiality of patient health information. Lawsuits can be brought against you and your health care organization in your state courts if privacy or confidentiality violations occur causing damage to patients – particularly where inadequate and improper employee training has occurred.
John Edwards, call your office, do we have a suit for you…
Nancy Reyes is a retired physician living in the rural Philippines. Her website is Finest Kind Clinic and Fishmarket.