medical record

Identity thieves getting better at stealing patient data

Mon, 12 May 2008 06:59:57 -0400

Where they once focused on banking data and credit card statements, identity thieves have become increasingly focused on breaking into patient data systems, observers say. Medical records offer a rich trove of information for an identity thief, often including not only health insurance account numbers and billing addresses, but also dates of birth, Social Security numbers and even credit information. That's particularly the case with hospitals which, since they offer costly services, may do more credit research on a patient.

Security industry researchers note that many hospitals haven't taken adequate steps to prevent malicious clinical data breaches, perhaps unaware that in addition to posing great risk to patients, each intrusion can cost $200 per record and $6.3 million per incident. Instead, many hospital IT departments are focused more on implementing or supporting EMR rollouts, according to a survey announced at HiMSS '08.

To learn more about medical record theft:
- read this USA Today article

Related Articles:
The growing problem of medical identity theft
NY hospital worker charged with massive file theft
California expands health data breach rules
U.S. hospitals have security 'blind spot'

HIT terms becoming more defined

Mon, 31 Mar 2008 07:59:56 -0400

Do you know the difference between an e-medical record and an e-health record? Health IT professionals are banking on an answer of "no," which is why there now is more of a push to give more "precise definitions" to oft used HIT terms, according to an article in Government Health IT. For example, a health information exchange (HIE) should not be defined as any sort of organization, but rather the act of exchanging health information. Furthermore, a HIE org for, say, orthopedic surgeons nationwide, should not be referred to as a regional health information organization (RHIO) because it spans more than just a single region.

So what is the difference between an EMR and an EHR? According to project leaders at the National Alliance for Health IT, an EMR "is created and maintained by people from one organization, such as a hospital." An EHR, on the other hand, "is an aggregate of health records from more than one healthcare organization."

For more information:
- read the full article

Editor's Corner

Sun, 25 Mar 2007 20:01:39 -0400

Implanted RFID technology may well be a standard channel for transmitting electronic medical data at some point, but that day hasn't come yet.

Right now, RFID is battling it out against smart cards, flash drives and other as-yet-unknown storage media for the honor of being the standard for portable clinical data. We don't yet know whether the chips are worth the cost, whether the data transfer to and from the chips is cost-effective, or whether people are comfortable with the idea of carrying records under their skin. It's all up in the air.

Still, at least one state legislator--Florida Senator Bill Posey--is worried that parties unknown may soon begin slipping medical record chips into patients surreptitiously, enough so that he's backing a bill banning such practices (see third article below).

Now, he may be overreacting, but his fears are still worthy of note. While the professionals reading this newsletter aren't likely to lie awake nights worrying about secret RFID implantations, I'd wager that Senator Posey's concerns aren't unique among consumers with no HIT background. After all, anything that involves an invasive procedure makes people uncomfortable; so much more so for any procedure that puts a computing device under the skin.

To me, this suggests that if we want to keep the many benevolent uses of RFID technology available, it's going to be important to move slowly and explain carefully. Otherwise, hysteria over the potentially sneaky uses of human-based RFID chips could dim the prospects for useful, practical technologies like embedded blood glucose monitors. And that would be a shame, given the immediate and substantial benefits such applications can offer.

By all means, let concerned citizens like Senator Posey move along legislation that protects people against potential abuses of medical RFID technology, if that makes them feel safer. But let's make sure that the benefits of clinical RFID use aren't forgotten in the process. - Anne

P.S. Do you know of other interesting clinical uses of RFID technology out there today? Please drop me a note and tell me what you're hearing!

FL law would ban chip implants without consent

Sun, 25 Mar 2007 20:01:36 -0400

Ideally, patients will only have RFID chips implanted in them if they're on board with the idea. However, a Florida state Senator fears that if protections aren't put into place, patients could have such chips implanted against their will. To make sure this doesn't happen, Senator Bill Posey (R) has filed a bill that would prohibit chip implantation without prior approval. The bill, which some Florida legislators consider a bit, well, paranoid, has nonetheless won approval from the state Senate's health regulation committee.

Though the concept is still in its early stages, having medical record-bearing chips implanted in a patient's skin is far from science fiction. Florida-based VeriChip, which gets consent from every patient involved, has federal approval to implant medical record chips in patients. About 500 hospitals are making this technology available to patients, and have brought the needed scanning technology on board. The idea is not only to make medical data use convenient, but to make histories, drug lists and the like accessible even if the patient is unconscious.

To learn more about the bill, and this technology:
- read this article from The Associated Press

ALSO: Psychiatrist touts the benefits of RFID and computerized therapy. Article

Related Articles:
Wireless, RFID poised for rapid adoption. Report
RFID chip reads blood glucose levels. Report

Ga. insurers unveil easy-access e-records

Sun, 30 Jul 2006 20:01:36 -0400

Georgia's largest health insurer plans to offer its members a personalized medical record that can be accessed over the Internet. Blue Cross and Blue Shield of Georgia just unveiled "the personal health record" and said it will be available to the insurer's 3.1 million members starting in late August. Kaiser Permanente, meanwhile, is planning to roll out an electronic health record in Georgia's Gwinnett County this week. All 286,000 of Georgia's Kaiser members will be able to use it starting September 8. The Blue Cross personal health record will be loaded with claims data, test results and other information from each participating health care provider the patient sees, Blue Cross said. Adoption rate may be somewhat slow if the past is prologue, however: In New York, about 38,000 of Empire Blue Cross's 5 million members have decided to set up personal health records since it was first offered last year.

To get the scoop on this effort:
- take a look at this story from the AP