Free EMR Newsletter Want to receive the latest news on EMR, Meaningful Use, ARRA and Healthcare IT sent straight to your email? Join thousands of healthcare pros who subscribe to EMR and EHR for FREE!

Data breaches and EMRs: bad guys or just dumb mistakes?

Posted on August 3, 2011 I Written By

Dr. West is an endocrinologist in private practice in Washington, DC. He completed fellowship training in Endocrinology and Metabolism at the Johns Hopkins University School of Medicine. Dr. West opened The Washington Endocrine Clinic, PLLC in 2009. He can be contacted at doctorwestindc@gmail.com.

I love this post by George V. Hulme at CSO Online because it really highlights my high level of skepticism regarding all the need for worry about encrypting everything to death where electronic medical records are concerned.  Yeah, yeah, yeah.  I’ve heard it over and over, ad nauseam.  I don’t necessarily disagree that data security is important, but just please someone name me some examples of where a nefarious miscreant was purposely trying to steal protected health information (PHI) electronically with hacking.  I’m sure such documented incidents must be out there somewhere, but they don’t seem common since I’ve never heard of any actual cases.  Even the strange one reported (but not really well referenced) in the above post was, okay technically crime, but not electronic at all.  The criminal cited in the story was apparently trying to manually steal what sounds like a hardcopy paper file from the doctor’s home.  I’ve always told my colleagues and friends, “What the bleep would anyone want with some average patient’s health information?  And who’s gonna go to the level of sophisticated, tech-savvy theft to get it?”

It really seems like crazy paranoia to me to think that anyone cares about Mrs. Smith’s medication doses, whether she smokes or has a beer every now and then, or when she was last seen in the office.  Come on, people, that’s not going to make anyone rich — pretty much has no street value at all on the surface.  So I ask again for your assistance in throwing me a bone.  Help me understand where the rubber meets the road and we really need to go crazy with overly expensive and extreme technology to avoid electronic data theft.  Someone think up the next blockbuster summer movie script.  “The Net III”?  I’ll take crazy Sandra Bullock movies for $100, Alex.

Dr. West is an endocrinologist in private practice in Washington, DC.  He completed fellowship training in Endocrinology and Metabolism at the Johns Hopkins University School of Medicine. Dr. West opened The Washington Endocrine Clinic, PLLC, as a solo practice in 2009.  He can be reached at doctorwestindc@gmail.com.

Doctors as data security experts? No way.

Posted on June 21, 2011 I Written By

Dr. West is an endocrinologist in private practice in Washington, DC. He completed fellowship training in Endocrinology and Metabolism at the Johns Hopkins University School of Medicine. Dr. West opened The Washington Endocrine Clinic, PLLC in 2009. He can be contacted at doctorwestindc@gmail.com.

In Katherine Rourke’s June 15th post “Can Providers Cope With EMR Security Challenges?”, she asks the question of whether doctors are prepared to deal with increased challenges dealing with IT security of electronic medical records.   In my experience, this is mainly a challenge for practices that buy EMR software outright and host patient files on their own computers or server.   This is in contrast to web-based and hosted EMR systems, in which the responsibility for data encryption and security falls to the vendor themselves. The vendor then becomes responsible for software issues, including updates when the security software becomes outdated, which it seems to do at least annually, if not more frequently.  John Lynn seems to agree in his recent post over at EMRthoughts.com.

I can’t imagine any doctors having the time or training — or desire, frankly — to deal with such a rapidly evolving field.   Such personnel should, in my opinion, not be trying to tackle this problem. Go with a web-hosted alternative instead. It’s much, much easier.

Dr. West is an endocrinologist in private practice in Washington, DC.  He completed fellowship training in Endocrinology and Metabolism at the Johns Hopkins University School of Medicine. Dr. West opened The Washington Endocrine Clinic, PLLC, as a solo practice in 2009.  He can be reached at doctorwestindc@gmail.com.