A lawsuit followed along with a heavy fine imposed on the hospital and general loss of goodwill for the vendor. This happened in 2003.
2.9 million recipients of healthcare had their personal details compromised when a hospital had a data theft incident in Georgia. This happened over three years till the middle of 2006.
The NHS has been hit badly by incidents like the above. In May, a Cornwall hospital was fined after a computer holding personal information of 10,000 staff members was stolen. Earlier in March 2007, the details of 11,500 child patients had been stolen from a Nottingham hospital, but were later recovered. In September 2007, the Dudley Group of hospitals launched an enquiry when Glamorgan University reported that a hard drive containing confidential patient data was sold on ebay as ‘new’! The hospital entrusts its IT related services to Siemens Medical, which in turn had been outsourcing its services to a private firm that disposed old disks, among other functions.
Critical Hospital Data and Implications of its Loss
The healthcare sector is increasingly growing dependant on digital data storage, analysis and processing methods to effectively manage the heavy records that they have to maintain. This information includes:
The address, mail id, phone numbers, date of birth of patients.
In some cases, the work details of patients are included.
If the patient has bought a package on loan or medical insurance, all banking details are included. Similarly, if an insurance claim has been filed and paid, the details would be furnished in the records.
In case of payments - credit card and account details of patients can also be uncovered.
All details of the exact nature of the medical problem can usually be uncovered.
In one tragic case, the family of a child suffering from cancer was blackmailed. By the time the family was able to obtain justice, the medical insurance claim was of no use to them anymore as the child was already dead. The level of inhumanity in misusing such information is horrific, and hospitals that have once lost their goodwill might as well close down. The worst part is that the patients are mostly the last to know of it. Sometimes they never come to know what happened, and are left wondering haplessly where their money want or how the records have been tampered, or what made the insurance agency invalidate their claim. Hospitals losing data is the classic case of the protector turning predator.
Possible Misuse
Misusing the data found from a hospital is very tempting indeed in the hands of unscrupulous individuals. Books have been written and movies made on this, but justice is still slow in coming to those stricken by medical frauds and scams. Some misuses of data include:
The medical details of the patient can be used to blackmail him or her; furnish false evidence in court, prove that he or she is not afflicted with a particular disease, and spread false information on the victim’s health condition.
Paternity details can obviously be misused for blackmail, extortion, fabricating false cases etc.
Insurance, medical claims and state help can be blocked through tampering of medical records of seriously afflicted patients.
Banking details can be used for credit card theft, scams, misuse of accounts etc.
Fortification against Data Loss and Theft
The situation is not as bleak as it seems, though there is much left to be done in the area of digital security of healthcare records. There are some ways in which hospitals are trying to fortify themselves against such crimes.
Many hospitals are using ‘thin client’ computers. These do not have individual hard drives, but run through a common server and are connected through a LAN.
Stealing laptops have become awfully common. As a result, some hospitals have stopped issuing them; others are keeping a stricter vigil on employees, while others are using encryption software.
Pen drives, CDs and other portable devices are being discouraged and checked.
Preventing hackers have become important.
Patients are made aware of the perils of revealing personal information through drives, booklets and sites.
Employee database is being kept elsewhere from other records, with limited access.
Details of terminally ill patients also have limited access.
Hard disks and pen drives are being checked to see if they are really formatted before resale.
