Is My Electronic Information Safe In a Hospital?

Featured article by Jeremy Sutter, Independent Technology Author

If you’re somewhere over the age of 30, you’re most likely familiar with the scene of walking into a doctor’s office and seeing walls of medical files lining the office. In recent years, however, all of those rows of files have started to be replaced by digital records, transported instantaneously from office to office, wherever your doctor may need them.

There are several advantages to using computer-based files, but there are also inherent security risks as well. One recent Chinese-based attack affected the Community Health Systems and took information from 4.5 million customers, including names, social security numbers, and addresses. As these attacks become more frequent, people are becoming increasingly alarmed about the security of their most sensitive data.

What Type of Information is Stored Electronically?

While you may assume that every piece of your medical history is stored electronically in one big master file, the truth is that only your most basic information is stored electronically, at least until recent years. A stimulus package introduced by President Obama in 2009 encouraged doctors to move completely away from paper files of any sort by offering thousands of dollars to help fund new computer and software systems. These systems help track day-to-day patient care records, in addition to the basic information and specific health conditions that were normally part of a computer database. While the adoption of these technologies has been readily embraced by most of the medical community, many healthcare professionals are still reluctant to make the switch.

Will This Make It Easier to Access My Own Records?

Despite your medical records being stored online, it’s still surprisingly difficult to access your own personal information. E-mail is not nearly secure enough to transmit sensitive information, so many doctors prefer to communicate any health data in face-to-face conversations with their patients. Furthermore, fax machines are still utilized in doctor’s offices primarily to send referrals to other doctors or to send prescriptions directly to the pharmacy.

One option that is making inroads into the medical community is called “patient portals” – an online gateway that allows patients and doctors to communicate directly. The interface for these portals can sometimes look dated or feel cumbersome, but the technology is usually secure enough to discuss sensitive issues. Still, more substantial files like PACS will need to be addressed in person or via hard-copy.

How Secure are These Individual Systems?

There are pros and cons to storing your information electronically. On the one hand, it allows for convenient access between operators within a shared system, so if your doctor and the hospital are using the same software, it’s relatively easy to gain access to the files (with proper permissions) in case of an emergency. On the other hand, computer software companies have a strong financial incentive to differentiate themselves from the competition, creating a medical landscape where several different programs exist in mutual disharmony. If your doctor is on one software and the hospital that you’re being taken to for a heart attack is on a different system, the process of gaining pertinent medical records from point to point can be difficult, if not nearly impossible.

This doesn’t mean that data breaches are altogether uncommon; the Chinese hacks is just one example of many attacks that are alerting privacy officials to the dangers inherent in computer databases. This video, released by the Health and Human Services department explains some of the protections, but generally speaking, the health community has not embraced some of the technologies that sectors like the financial industry has, which leaves them somewhat vulnerable.

In the event of a breach similar to the Community Health attack, the hospital will provide identity theft services and carried insurance that protected many patients, but that doesn’t mean the medical community is without risk. As with anything that is stored digitally, there’s always a chance for future cyber attacks, but the health profession has taken many strides to protect themselves and their patients.