Security and Privacy are often treated as one and the same; however, they are very different. Whereas privacy refers to policies, user identification, access controls and systems design, security refers to firewalls, password management, physical protection of the data, etc.
Recently, the health records of 83,000 individuals were lost in Ontario as a result of the loss of a USB key. A micro-SD card smaller than one's thumbnail can store 4GB of information and as solid state hard drives become more popular, we are sure to see the storage capacity of these devices surge. Huge amounts of personal information can be stored on tiny media that are easy to lose or misplace.
Bottom line - make sure that you are extremely careful where and how you store personal patient information. Thinking this through beforehand can avoid dangerous and costly errors at a later date. This is a good lesson for anyone who works with digital patient information.
Health records of 83,000 lost in Ontario
OSHAWA, Ont. – Ontario’s privacy commissioner has launched an investigation after a USB drive containing the personal health information of more than 83,000 people, who went to flu clinics in Durham Region just northeast of Toronto, went missing.
The USB key contained the personal information of persons who attended a Durham Region Health Department flu vaccination clinic for either an H1N1 or seasonal flu shot between Oct. 23 and Dec. 15.
Commission spokesman Bob Spence said the probe will try to determine what happened and what steps might be taken to prevent a similar incident from occurring.
A health department nurse was taking a USB key containing the records to her car in Whitby, Ont., for use at a remote clinic site on Dec. 15 when the device was lost. A search failed to turn it up.
“We believe it was lost on regional property. We have some video surveillance tape to indicate that was the case,” said Dr. Robert Kyle, chief medical officer of health for Durham Region.
Read full article: Canadian Healthcare Technology
As more and more physicians move their practices to a full electronic medical record, the critical need to balance Security, Privacy and Accessibility to the medical record is magnified.
What is equally important to recognize is that the size of the practice does not diminish this. Whether the practice consists of a single physician or the multi-disciplinary teams at a Community Health Centre, the right balance of security, privacy and accessibility must be struck.
This is a challenge that will not disappear with time. With the province's plan to develop an electronic health record, the need to build an awareness of Security and Privacy into the system's design (from Practice to Province) is essential to its success.
Posted by: Brian Sankarsingh | February 16, 2010 at 06:06 AM
This should not have happened. If basic security protocols were in place, like a FIPS 140-2 Level 3 compliant USB device used for encryption, the lost USB key would only be a chunk of metal in an unauthorized user's hands.
Posted by: Victor Beitner CISSP | February 16, 2010 at 10:30 AM
Victor, I wholeheartedly agree with your statement. However, the reality is this: Physicians are not Information Technology people, and so this entire process has to be taken from an educational approach. We dangle and entice them with the prospect of the Electronic Medical Record but as eHealth leaders we cannot neglect to educate them on all aspects of electronic medical record adoption. This includes the change in how the information is protected. Many clinicians, ordinarily, will never give thought to the fact that protecting the paper medical record and protecting the electronic medical record are two entirely different things.
Posted by: Brian Sankarsingh | February 17, 2010 at 07:04 PM
One of our readers suggests that users consider a free open source application called TrueCrypt which can encrypt any drive. This open source software will work in Windows, Mac, and Linux and is quite user friendly. URL - http://www.truecrypt.org/
Posted by: Alan Brookstone | March 02, 2010 at 09:41 AM