Beth Walsh writes:
A House Democrat seeks a hearing to investigate the recent data breach at Community Health Ssytems which impacted 4.5 million patients.
Rep. Elijah Cummings (D-Md.), who is the top Democrat on the House Oversight and Government Reform Committee, wrote to the House Oversight and Government Reform Committee chair Darrell Issa (R-Calif.) asking for the hearing to identify ways to better protect patient data.
Read more on Clinical Innovation + Technology.
Frankly, I’m a bit shocked that we haven’t heard/read more outrage as a result of this breach. CHS has over 200 hospitals in its system and they put millions of patients’ information at risk. Should such large systems be allowed? And if so, what heightened security should be in place or audited for?
CHS shouldn’t be House Oversight’s only concern, of course. The other day, I broke the story of a breach involving Aventura Hospital in Florida. Aventura is owned by the for-profit HCA, who describe themselves as:
a company comprised of locally managed facilities that includes about 165 hospitals and 115 freestanding surgery centers in 20 states and England and employing approximately 204,000 people. Approximately four to five percent of all inpatient care delivered in the country today is provided by HCA facilities.
So if the hospitals are locally managed, does HCA have any responsibility for their data security? In the Aventura Hospital breach, there was insider data theft. But what about external hacks? Does it matter that Aventura Hospital is on HCA’s IP address and that other HCA facilities are also on the same IP address?
Are big systems playing with fire or gambling on data security? And if they fail, what price will the patients pay? I hope House Oversight – and HHS – will take a closer look at this issue.