DataBreaches.Net

Breaches Lead to Push to Protect Medical Data

Posted on May 30, 2011 by Dissent

Milton Freudenheim reports:

Federal health officials call it the Wall of Shame. It’s a government Web page that lists nearly 300 hospitals, doctors and insurance companies that have reported significant breaches of medical privacy in the last couple of years.

Such lapses, frightening to consumers, could impede the Obama administration’s effort to shift the nation to electronic health care records…. So the administration is making new efforts to enforce existing rules about medical privacy and security. But some health care experts wonder if the current rules are enough or whether stronger laws are needed, for example making it a crime for someone to use information obtained improperly.

Read more in The New York Times.

I would dispute the reporter’s claim that “The Obama administration has levied a string of stringent penalties for egregious violations of patient rights under the most commonly cited law, the Health Insurance Portability and Accountability Act, or HIPAA, of 1996.” What string? Where?

And while some, cited in the article, consider different approaches or models such as barring discrimination based on information about medical conditions that might be exposed, that does not deal with the issue of embarrassment and privacy that may have nothing to do with employment discrimination. People simply don’t want the whole world knowing their sensitive medical information and unless entities improve security, it remains at great risk.

6 thoughts on “Breaches Lead to Push to Protect Medical Data”

  1. Anonymous says:
    May 31, 2011 at 11:52 am

    Dear anonymous: you never post my comments, but I assume you read them. Your brief statements on this post assume that everyone shares a common position on the privacy of their healthcare information. This is simply not true. No population has a uniform opinion on any subject, including this one. Research supports that there is a spectrum of attitudes on healthcare information privacy. Many people actually care very little about keeping strict privacy around their healthcare information. Those who do report a high degree of concern tend to associate it with the possibility of discrimination, particularly in employment. Others report concern over identity theft. Few cite embarrassment as a concern. There are empirical data to support this, and it would be useful for you to do the background reading. From comments made before, I am certain you know how to do a literature search.

    It is never useful to assume that one’s own opinion is the predominant one. If your opinion on healthcare data exposure were predominant, wouldn’t we see some sort of public outrage over breaches? Despite years of privacy advocates trying to stir up that outrage, it hasn’t happened, so clearly they are not tapping into a broadly-shared and deep-seated societal value.

    In point of fact, the actual harm that has resulted from healthcare data breaches has been minimal. In many cases, the data are difficult to access, outdated, or otherwise of very limited value. It has been reported that even freshly stolen medical records have been put on the black market and no one bought them.

    I’m not saying that we shouldn’t do more to prevent breaches. We should. But the driver to do that will be unlikely to come from consumer pressure, because consumers have collectively shrugged their shoulders over this issue.

    1. Anonymous says:
      May 31, 2011 at 12:19 pm

      If you submit comments and they do not show up, it means that they got caught in the spam filter. I do not censor commenters and I see three previous comments submitted by you that have been posted on this site.

      I do not assume my position is the dominant one. To the contrary. Indeed, if my view was the predominant one, I wouldn’t be blogging. That said, many of the views I espouse are also espoused by other patient privacy advocates, and I do not think it is coincidental that the head of Patient Privacy Rights, Deborah Peel, MD, is also a mental health practitioner. Those of us in the mental health field are more likely to be even more concerned about privacy and breaches than many other specialties, I would guess.

      I am well aware of the empirical data. I am also aware that what people say in response to a survey may not be the best indicator of what they really feel or would do. For example, the parents I see on a regular basis are not worried about the privacy of their children’s mental health records because of employment concerns in the future. They are worried – and very much so – in the here and now over what their child’s school would think or might do if they found out the child’s diagnosis or family history and family situation. Adults with psychiatric disorders are worried about employment issues, but they’re also worried about other consequences of possible breaches – including whether an ex-spouse might try to use information against them in a custody dispute.

      That more people aren’t more outraged over breaches is a measure of the “It can’t happen to me” mentality that is all too prevalent. If you read the news on breaches, every day, people are shocked and outraged over breaches – but not until it happens to them. And in many cases, even when they’re outraged, they don’t change what they do – often because of limited choices to go elsewhere or because they value a service so much that they’re willing to tolerate what happened.

  2. Anonymous says:
    June 1, 2011 at 9:35 am

    On both sides of the equation (ultra-privacy advocate vs. do-nothing JQ Public), there is clear evidence of the inability to properly understand risk and take the appropriate action to mitigate it. Privacy advocates overstate risks while others underestimate them. The real answer, like so many things in life, is somewhere in the middle.

    1. Anonymous says:
      June 1, 2011 at 11:25 am

      Just because I don’t share your opinion about the risks or their significance does not equate with not understanding them or not being familiar with research. Indeed, nonpublic sources inform me that some risks are much higher than what has been publicly reported or revealed – and that’s across all sectors, not just the healthcare sector.

      So you go ahead and take all the risks with your own data that you feel are reasonable, but do not try to impose your subjective beliefs about what is a “significant” risk on others. While “significant” has a statistical definition, it also has another definition and neither you nor I get to be the judge and jury of that determination for others.

      1. Anonymous says:
        June 2, 2011 at 12:23 pm

        Somewhere in there is a response to what I actually said, struggling to get out.

        1. Anonymous says:
          June 2, 2011 at 2:00 pm

          Then perhaps you don’t understand what you actually said, as my response was directly responsive to it.
