Hans Oh’s eHealth Blog

Information, musings from a PhD student, and all things ehealth

• Home
• About

Should patients be worried about the security of their health information? August 30, 2006

Posted by Hans in : analysis, news , trackback

Should people be worried about the security of their health information? In the past, I used to believe that perhaps the issues of security and privacy (an issue that is related to but NOT identical to security) were overblown. I would go so far as to suggest that those with vested interests used these two issues to maintain control and prevent sharing of information (that was the cynic in me). Around the same time, I also held a similar idea that patients didn’t really concern themselves with privacy so much. Most patients assume that health providers share information as needed and that explicit consent to share information between providers was the strangest (if not the dumbest) thing. I also believed that health care organizations seemed relatively secure, based on the measures they take which include triple identity verification and limiting remote access.

Today, I’m not so sure if I feel as confident about the security of my health information. Recently, a family member of mine was almost a victim of fraud (a stranger tried to withdraw a few thousand dollars from a personal account). This incident is my personal connection with the issue of security. The news has some more spectacular reports about security of health information: a stolen laptop with data on 28,000 home care patients and a hospital firm is robbed of 10 computers. To make matters worse, a survey finds that the majority of IT professionals don’t “feel confident they can prevent data breaches” (you can view the full report here). Whoa – if IT professionals don’t feel that they have the necessary resources, are we waiting for a catastrophe? Unfortunately, the survey doesn’t break down the results based on industry. As a result, we don’t know if health care is any better (or worse) than the rest.

I’m not trying to sound like I’m paranoid or some cynic about ehealth and maintaining electronic records of our information. I actually believe that we need to make more of our health information available in electronic format. But, we need to be more vigilant about securing our health information. For example, maybe IT professionals should draft some guidelines (if not rules) on how to dispose of technology, be it CDs/DVDs, hard-disks, or whatever else may contain health information. As we slowly move away from paper, we will need to be more careful about how to dispose of old storage media. For example, patients, in particular, should take care to learn how to dispose of their computers.

So, should you be worried about the security of your health information? I would say “yes” only so that we don’t become lazy in protecting our information. As individuals, some simple precautions could include:

• Shred paper records – use a shredding device to dispose of paper based records (i.e., health information, bills, and any other information with your identity on it). I would recommend a shredder that cuts in “diamond” shaped patterns. I find that the “strip” method is easier to re-assemble paper records. A friend of mine goes so far as to throw out shredded documents over the course of several weeks (handfuls at a time in different bags containing “wet” materials from the kitchen).
• Do not give out personal information over the phone: Unless you’re absolutely sure about the identity of the person on the other line, don’t give out personal information. In fact, if someone calls and asks for your information for “verification” purposes, ask them to tell you what they have. If it’s incorrect, call them back using the official number provided by the company. I’ve had to teach my parents not to give out their information over the phone (they’re a bit too trusting). Now, when they get a call from a credit card company or some other institution, they listen to what the person has to say and hang-up. They call the company back in five minutes and provide any information (if necessary). I’m sure if this method is not fool-proof, but it’s better than giving out your information willy-nilly.
• Use pseudonyms on the Internet: I would suggest you create some fake online identity and use it for registering on websites. Try not to use websites that keep your credit care “on file” for your convenience.
• Ask your health care provider about their security measures: I think we all need to keep our health care providers (be it your physician or your hospital) accountable about keeping our health information secure. Health care providers are busy and often over-worked and usually don’t have excess time to think about things other than taking care of people. As patients, we need to keep reminding them to remain vigilant. We, as patients, also need to help our health care providers too.

I’m pretty much out of ideas as to what else to do to help keep your health information safe. As individuals, we have to put a great deal of trust in the institutions that store and collect our health information. After the terrorist attack on September 11th, 2001, the American government told its citizens that everyone has to play a part in keeping one another safe. Sounds like good advice.

Popularity: 8% [?]

message
name email url

Notify me of follow-up comments via e-mail

search

• Recent Comments

  • Betsy on Another experience at the ER
  • Joeanne Andrew on Healthcare Informatics Technology Trends
  • Allen Taylor on OHA Health Achieve 2008 - thoughts from day 1
  • OHA Health Achieve 2008 - thoughts from day 1 | Hans Oh's eHealth Blog on OHA Health Achieve 2007 - thoughts from day 3 (final day)
  • OHA Health Achieve 2008 - thoughts from day 1 | Hans Oh's eHealth Blog on OHA Conference 2006

• Popular Posts Right Now

  • Informaticopia
  • Writing to come & a new blog of interest
  • Interesting conference - Making the eHealth connection
  • When ehealth is not ehealth
  • Smart homes and health - some thoughts from Alex Jadad
  • WHO definition of health
  • Worlds colliding...industry vs. academia
  • Upcoming Medicine2.0 Conference: Web 2.0 in Health and Medicine
  • ehealth's elusive return on investment
  • An update

• Categories

  • academics (39)
  • analysis (83)
  • conferences & conventions (29)
  • nature of ehealth (3)
  • news (59)
  • open source (3)
  • opinion (58)
  • podcasting (1)
  • research (41)
  • resources (8)
  • reviews (3)
  • site announcement (7)
  • telehealth (2)
  • Uncategorized (3)

• Blogroll

  • “What is eHealth (3): A systematic review of published definitions”
  • Centre for Global eHealth Innovation
  • Common examples of Healthcare IT failure
  • e-Health Tech
  • Informaticopia

• Visitors Online

  • 02 visitor(s) online
  • powered by WassUp

• Archives

  • November 2008
  • October 2008
  • September 2008
  • August 2008
  • July 2008
  • June 2008
  • May 2008
  • February 2008
  • January 2008
  • November 2007
  • October 2007
  • September 2007
  • August 2007
  • July 2007
  • June 2007
  • March 2007
  • January 2007
  • November 2006
  • October 2006
  • September 2006
  • August 2006
  • May 2006
  • April 2006
  • March 2006
  • January 2006
  • September 2005
  • July 2005
  • June 2005
  • May 2005
  • April 2005
  • March 2005
  • February 2005
  • October 2004
  • March 2004
  • February 2004
  • January 2004

• Meta

  • Log in
  • Entries RSS
  • Comments RSS
  • WordPress.org

• Feedburner

  • Another experience at the ER
  • OHA Health Achieve 2008 - thoughts from day 1
  • Unlearning by Alejandro Jadad
  • ehealth’s elusive return on investment
  • WHO definition of health

• Feeds

• Full
• Comments

This work is licensed under a Creative Commons Attribution-Noncommercial-Share Alike 3.0 Unported License.