As medical records make the shift towards the digital world, becoming more easily accessible to our health care professionals online, there needs to be assurances set in place to prevent breaches in security. As the systems become more interconnected for easier access (take, for instance, the development of smartphone applications and provider-created portals), the safeguards that are put in place must evolve, change, and adapt to the increasingly challenging demands of information security. With the advent of electronic medical records, hackers now have point-and-click access to extremely sensitive medical records.
In the past, a single breach at one medical office would not nearly have the same reach as it would today. Due to the centralization of medical records with electronic databases, modern hackers have the potential to gain access to millions of sensitive documents that can include patient information from entire regions, provinces, and even countries. In the past, having physical medical records stored at multiple medical offices distributed across thousands of square kilometres would never have exposed a comparable number of users to the current security fears they face today. As such, the security measures in place must meet the growing demands of the system as they become increasingly interconnected with technology, essentially providing push-button access to the full medical records of millions of people. Furthermore, safeguards should be in place to prevent the release of more sensitive information––information that is personally identifying in nature. This type of information includes patient names, residential information, and social insurance/security numbers to mitigate damage if a security breach were to occur.
In the United States alone, 2015 was a year where upwards of 105 million people had their medical records breached––that’s roughly a third of the U.S. population. That’s absolutely astonishing! In fact, in the UCLA Health System data breach, affecting 4.5 million individuals, UCLA didn’t take basic encrypting steps to secure their patient data; therefore, hackers obtained identifying information including: names, dates of birth, social security numbers, medicare and health plan ID numbers, and other sensitive medical information. In a year where health systems were repeatedly hacked, isn’t it irresponsible to not even take the basic steps towards safeguarding the database?
“For patients that entrust us with their care, their privacy is our highest priority. We deeply regret this has happened,” said Dr. James Atkinson, interim president of the UCLA Hospital System. The data breach at the UCLA Health System was only one of many in 2015 and only represents a fraction of the breach that occurred at Anthem Healthcare, where reportedly, about 78 million individuals were affected. Below is a list outlining the notable U.S. healthcare data breaches in 2015 alone:
- Anthem Healthcare: 78.8 Million
- Premera Blue Cross: 11 Million
- Excellus Blue Cross Blue Shield: 10 Million
- UCLA Health System: 4.5 Million
- Medical Informatics Engineering: 3.9 Million
- Care First: 1.1 Million
In the mentioned beaches, personally sensitive information including names, dates of birth, medical IDs, residential addresses, and social security numbers were compromised, giving the hackers access to a trove of information that could then be used in identity theft. Despite these scares, it should also be noted that the movement towards an electronic records system is a positive development for the healthcare community, as seen in the following list.
- Instantaneous access to medical records in cases of emergencies
- Rapid information sharing amongst health care providers and regulators, thereby providing greater coordination between practitioners and reducing medical errors and misdiagnosis
- It’s more practical than keeping physical records, electronic records are more convenient, eliminates the need for large physical archives, and are more organized and easily sorted
- The accessibility provides huge benefits for the Scientific community, including:
- Provides accurate information for characterizing the population, reducing costs by eliminating the need to perform characterization studies in clinical research, streamlining research funding
- Allows for accurate disease monitoring and tracking, identifying potential outbreaks and epidemics
- Assists in directing medical research towards more prominent or emerging health concerns; thereby, facilitating the progression towards a more pre-emptive medical system vs. a reactionary medical system
Cybercrime poses a very real threat. However, when considering the benefits that can come of the electronic health system, the advantages are far too valuable to abandon the system altogether. In light of the breaches, it can only be concluded that the current safeguards are not up to standards when it comes to preserving patient privacy. We can only hope that companies, businesses, and institutions have taken the necessary precautions in securing their respective networks, as cybercrime is only going to become more prevalent in an increasingly interconnected future.
About Khanh Tran
Khanh enjoys pursuing knowledge across disciplines and wishes to connect his health knowledge with the industry’s growing privacy concerns.