'Wall of Shame' Exposes 21M Medical Record Breaches 112
Lucas123 writes "Over the past three years, about 21 million patients have had their unencrypted medical records exposed in data security breaches that were big enough to require they be reported to the federal government. Each of the 477 breaches that were reported to the Office for Civil Rights (OCR) involved 500 or more patients, which the government posts on what the industry calls 'The Wall of Shame.' About 55,000 other breach reports involving fewer than 500 records where also reported to the OCR. Among the largest breaches reported was TRICARE Management Activity, the Department of Defense's health care program, which reported 4.9 million records lost when backup tapes went missing. Another five breaches involved 1 million or more records each. Yet, only two of the organizations involved in the breaches have been fined by the federal government."
Re:Punish them. (Score:5, Informative)
With their wallets?
Wasn't there an article recently on Slashdot about how the IRS is likely to pay $21 billion dollars over the next 5 years because of identity theft?
Should have looked further (Score:5, Informative)
"Among the largest breaches reported was TRICARE Management Activity, the Department of Defense's health care program, which reported 4.9 million records lost when backup tapes went missing."
Submitter should have dug a little bit further. TRICARE was the agency where the records originated, but SAIC was the "business associate" that actually lost the records belonging to TRICARE.
Re:Punish them. (Score:5, Informative)
Criminal charges against the CEO, CIO and CSO level. Or at least civil charges.
I'm currently working on a project with a major regional medical HMO. What I've found in 3 months of digging makes me want to *never* have a friend or family go to any of their affiliates. There is zero recognition of privacy -- admins are routinely passing round medical records of celebrities. Their idea of 2 factor authentication was forcing someone to login with the same credentials twice in a row. What appears to be security (doctors, nurses using RFID badges to login and out) is theatre only -- only a single ID is associated with all RFID badges for logins. A complete farce.
Why? Because even when caught there is no penalty. Make the penalty meaningful to the people running things, and you'll see cultural changes pretty damn fast.
Re:Putting health records on the web is a good thi (Score:4, Informative)
Nobody has to "hack" your medical record. HIPAA guarantees you a copy, so go ask for it.
If, instead, your beef is that the doctors treating you don't talk to each other, find some that do. Electronic health records make this trivially possible, and there are lots of Keysers out there practicing managed care [wikipedia.org].
Finally, do you really think that "for-profit insurers" are the only reason Americans expect their medical records to be confidential? I understand that you have Nothing To Hide, but "too much patient privacy" is the last thing wrong with healthcare in America.
Re:Our secret health (Score:0, Informative)
Here is your citation dumb shit.
http://blog.heritage.org/2009/07/31/barney-frank-public-option-is-best-way-to-single-payer/
"Barney Frank:
Because we don’t have the votes for it. I wish we did. I think that if we get a good public option it could lead to single payer and that is the best way to reach single payer. Saying you’ll do nothing till you get single payer is a sure way never to get it. I think the best way we’re going to get single payer, the only way, is to have a public option and demonstrate the strength of its power."
Putting private insurance companies out of business and forcing people onto state run healthcare has been the goal for decades.
None are so blind as those who refuse to see.
State takes over, costs go up.
SSI Bankrupt? Check.
Medicaid/Medicare Bankrupt? Check?
Post office bankrupt? Check?
Need I go on?
And don't give me your stock attacks on Heritage, the fucking video is proof itself. Just try and deny it statist.
Idiot.