Millions of health records for patients in the U.S. have been breached or compromised in the first half of 2010. Here’s a list derived from an ongoing search via Google News Alerts I monitor using the keywords, “health information and breach:”
FedEx lost seven CDs of personal health information (PHI) from the Lincoln Medical and Mental Health Center in Bronx, NY, enroute to Siemens Medical Solutions, in March. This information affected 130,495 patients.
The FAA believes that PHI for over 3 million U.S. pilots may be at-risk of breaching, according to a report published in June by the US Transportation Department. The FAA’s Airmen Medical Support Systems makes personal health information data available to over 9,000 contracted users, most of whom are physicians.
WellPoint (the largest commercial health insurer in the U.S. with 34 million members and part of the Blue Cross Association of health plans) notified 470,000 people who applied for individual health insurance coverage that their information may have been breached on a web site. The plan is offering the affected consumers one year’s worth of free identity and credit protection services. About one-half of these health citizens were members of Anthem in California.
As these breaches of U.S. health citizen’s personal health information occur and get media coverage, the U.S. Federal Government has launched a new website to promote greater transparency in health. The Department of Health and Human Services started up HealthCareGov (healthcare dot gov) with the tagline, “Take health care into your own hands.” The site is meant to empower health citizens to get more engaged in their own health promoting shopping for health insurance, making decisions based on health care quality, learning about disease prevention and health promotion, and better understanding health reform.
Health Populi’s Hot Points: With greater transparency comes better-prepared health consumers – of that there is no argument. So HealthCare Dot Gov is a welcome site on the Web. But there’s another government initiative that may help Americans garner more faith in the U.S. health system, and that’s in the area of cracking down on PHI breaches the likes of which we see listed at the front of this post. From FedEx in the private sector to the FAA and VA in the public, health security breaches occur throughout the U.S. health system on what seems to be a regular and random basis.
These stories get mainstream, mass media press coverage. This news can have an impact on health consumers that causes (rightful) concerns about the security of ‘my’ health data in digital records. With at least $20 billion of taxpayers’ money going to stimulate the adoption of electronic health records by physicians, consumers may well be concerned about the migration of their PHI from paper records to digitized formats. The appearance of a physical locked file cabinet with paper records may offer a visible sign of security to the average patient, whether or not that secure feeling is justified.
So in comes the so-called 15-member Tiger Team at the Office of the National Coordinator for Health IT’s Privacy and Security to develop recommendations on patients’ access to and control of their personal health data. They’re working on the issue of consumer consent and will report out in August 2010.
If the U.S. intends as public policy for health citizens to engage with their health and health information, getting to ‘yes’ on consumers’ control of PHI will be an enabler of participatory health care. Without consumers’ control, including regulation with ‘teeth’ that can incentivize stakeholders who are moving and handling information along the health value chain to do the right thing and protect information, consumers will remain skeptical about EHRs and their power to influence health care for good.