Insecure
Has your electronic health record been hacked? Are the most private histories of you and your parents, your spouse and children, now public knowledge? Do governments, corporations and individuals know about your drinking history, your sexual transmitted diseases, when you lost your job because of a marijuana urine test? Do they know the details of your kids’ drug abuse, ADD and anti-depressant drugs? Perhaps you are accepting when Apple or Amazon know what music and books you like to buy. But do you want anybody to know anything that’s been recorded of your private life?
Here are five reasons why it’s already happened:
1. Federal government’s personnel files have been hacked to a fare the well. Someone – they don’t know who, though the default villain is generally China – has hacked the personnel records of four million Federal past and present employees. This also includes the records of everyone with a security clearance – including many of our spies. Inside those records are sexual peccadilloes, credit histories, arrests, drug use. Also included are many facts about the families – spouses, children – and friends and co-workers of anyone who applied. Some estimate the real number of hacked individual records is 18 million. This disaster for our security services only accompanies the ongoing catastrophe of our economic and business secrets being hacked.
If spies’ security clearance records have hoovered up, do you think your private medical records are safe? Anthem has admitted 83 million records have been compromised. Are you on that list?
2. It’s easy to hack medical records. The government program to bring the “future of personalized medicine” via the Electronic Health Record was “completed” in 2015. The federal cost of this program was $30 billion. The cost to physicians and the public was much greater, including grotesque inefficiencies (billions of wasted man hours – one example: the check list approach in these records often does and cannot record vital medical information like your weight.) “Complicance” – past paying of tens or hundreds of thounsands of dollars per physician to implant them has been assured by increasing fines for those who do not use them. Meanwhile, this IT “Revolution” also opened up medical record hacking to the world – on a platter.
One NYU professor estimated 10-12 million Americans now have access to your private medical records. The real number is greater.
Recently a professional cybersecurity individual wanted to know about the medical status of a relative. Well dressed and affable, he walked over to a hospital terminal and started typing. Inside two minutes he was in – looking at his relative’s records, then internal hospital memoranda.
Nobody stopped him. Changes are extremely good no one even knows he was inside. He says it was one of the easiest hacks he ever did. And the millions of hospital, medical, insurance and medical industry related people should have an easier time.
3. Your medical records are valuable. Folks tell me “who cares what’s in my medical records?” Well, the truth is – lots of people. Dr. Oz’s “Real Age” website did not tell everyone answering its endless personal questions that the data would be sold to Big Pharma and insurance companies. But many want to know your medical record information – and not just to sell you drugs, devices and insurance. Other interested parties include businesses that sell food and diet products; auto insurers not wanting to underwrite alcoholics; retirement homes; financial advice companies, trolling for potential buyers of annuities, death benefits and long term insurance. The list is very, very long – and does not include business rivals or people who want your job. That many organizations will act ethically does not mean that some will not. And to get at whether you ever drank too much or had an STD, they need to have the whole medical record, don’t they?
4. The IT industry has virtually no regulations to provide what electronic health records were sold to do, let alone fix security flaws. One of the biggest selling points in the rapid, government mandated roll out of electronic health records was “interoperability.” In English, this means that you and health workers would be able to access your records anywhere, anytime.
That has proven a fatal lie. According to a NY Times investigation, of the at least 700 providers of electronic health records, the ability of one system to pass information to another is perhaps 14%. Many medical centers’ outpatient systems cannot “talk” to their inpatient hospital systems. One of the bigger “providers” of electronic health records has created such effective silos to obtaining their records that no outsiders can get them – without paying a high fee.
What was supposed to be a boon to public health has become instead a poll tax and profit center. Want your records sent to the university hospital where you’ll get your cancer operation – you better pay up!
IT systems with real interoperability would have needed to beef up security to have these necessary intercommunications properly function. Instead, most avoided the problem – and left your records open to hacking.
5. Securing your medical records is low priority. When I talk to hospital or outpatient IT people they often say, “yes we’re working on that,” as if electronic health security is a long term project for the indefinite future. Why worry about such things, when you can’t get your pharmacy programs to work – the checklist does not include “in-between” doses necessary to avoid toxicity. And billing is a much bigger issue to IT folks than security.
The Future
Americans need to recognize they’ve been had. A record system that was meant to “improve” care has turned into a giant, dysfunctional boondoggle that has also changed medical care for the worse – physicians type away, treating your electronic chart before they treat you. Nurse anesthetists must twist their bodies backwards to fill in the checklists on the monitors behind them, “multitasking” a whole new procedure at the same time they’re checking on whether you’re alive. Docs can’t get paid without filling in the dots, an extraordinary time waster that also ruins the doctor-patient relationship. The personal connection between doctor and patient has for thousands of years been a large part of the placebo effect and effective medical care.
Until now.
Meanwhile, your private records may soon become nearly as public as your Facebook account. Hospital and physician offices should lay it out plainly in the required Federal HIPAA forms that every patient is forced to sign: “despite ongoing efforts your electronic medical records are inherently unsafe and open to theft.” That’s the truth.