DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Another "balancing" argument about privacy and EHRs

Posted on September 19, 2010 by Dissent

Some days I feel like a health care sector Paula Revere spreading the warning, “the breaches are coming, the breaches are coming!”

I just saw this commentary on HealthNewsDigest.com by  Eric Demers, the senior vice president of health and life science at MEDecision:

…. We shouldn’t allow overreactions to misperceived weaknesses in EHR security to thwart progress. It’s too important for the healthcare system and, ultimately, the American economy. It becomes a matter of what’s more dangerous: the potential misuse of information or simply not using information at all? Is the privacy of an overwhelming minority of people more important than safer, more efficient, more affordable and potentially life-saving healthcare for the overwhelming majority? Frankly, only the highest profile members of society (celebrities, athletes, etc.) stand to actually be negatively impacted by an unlikely EHR privacy breach. With that in mind, the question of whether we value the privacy of information more than its potential to help us lead healthier lives takes on a much more compelling perspective.

“Overreactions?”   “Misperceived weaknesses in EHR security?” “Overwhelming minority of people?”  Has he not been paying attention to breaches in the health care sector even  before we get to EHR services? Has he not read all the surveys showing that the majority of people are concerned about privacy and security of their personal information?

The new FairWarning report showed that snooping on family and neighbors is probably much more prevalent than has been reported.  And those problems will just transfer to EHR when staff has access to the login for a patient’s doctor and uses it to snoop.   It is not, despite his claims, just a matter of high-profile people who are likely to be targets of snooping.   Those are just the cases that are more likely to be detected and reported in the media.

He also writes:

No EHR is going to come with guaranteed safety, but I would argue that the risk level is the same or less than that associated with online retail and banking transactions. The public needs to understand this.

Then again,  the risk level might be greater because EHR services may not invest as much in security as the financial sector. And relying on EHRs is also risky when you consider cloud outages, as are now being documented by www.cloutage.org.   Relying on EHR in a “life-saving” situation is risky if you lose your Internet connection or the service itself has an outage.    Could such services be unavailable under the weight of a DDoS attack?  Almost certainly. Could EHRs save lives?  Probably.  Are they all he is cracking them up to be?  I think not.   Is he downplaying some very real risks in promoting them?  I think so.

The flaws in the UK system should be a cautionary tale for us all. The number of snooping incidents suggested by the FairWarning report should be a cautionary tale.   Extortion demands made on Express Scripts, the Virginia prescription database, and the Texas Cancer Registry should give us pause.  What prevents an EHR provider from being hacked and ALL EHRs on their service being accessed or acquired by extortionists or those who would do harm? Nothing. Absolutely nothing.  And while people can get new credit cards or bank account numbers, once their sensitive health information is out there, there’s no unringing that bell.  Yes, EHRs have potential use, but let’s not downplay the risks to privacy and security.

No related posts.

Category: Uncategorized

Post navigation

← VA beefs up data security of network devices
VA beefs up data security of network devices →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Ex-student charged with wave of cyber attacks on Sydney uni
  • Detaining Hackers Before the Crime? Tamil Nadu’s Supreme Court Approves Preventive Custody for Cyber Offenders
  • Potential Cyberattack Scrambles Columbia University Computer Systems
  • 222,000 customer records allegedly from Manhattan Parking Group leaked
  • Breaches have consequences (sometimes) (1)
  • Kansas City Man Pleads Guilty for Hacking a Non-Profit
  • British national “IntelBroker” charged with causing $25 million in damages; U.S. seeks his extradition from France
  • France issues press statement about arrest of ShinyHunters members
  • Patients Allege Home Delivery Pharmacy Failed to Timely Notify Them of Data Breach
  • Hackers breach Norwegian dam, open valve at full capacity

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Microsoft’s Departing Privacy Chief Calls for Regulator Outreach
  • Nestle USA Settles Suit Over Job-Application Medical Questions
  • NY Attorney General James Affirms Hospitals Must Provide Access to Emergency Abortion Care
  • How Internet of Things devices affect your privacy – even when they’re not yours
  • Sky Views Personal Data as a Potential Weapon in IPTV Piracy War
  • Florida Used a Nationwide Surveillance Camera Network 250 Times To Aid in Immigration Arrests
  • Federal Court Strikes Down HIPAA Reproductive Health Care Privacy Rule

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.