Regarding "Fla. man convicted in ID theft, fraud" in the Jan. 25 edition of Health IT Strategist:
Both these rascals should have been put behind bars with hard labor for 50 years or more. Rogues who commit economic crimes affect not one or two people but whole communities. What is the rationale behind giving a five-year sentence to the bigger and "brighter" criminal? So much for the Health Insurance Portability and Accountability Act. The Florida Cleveland Clinic invaders really took the HIPAA ruling literally -- carry the Health Information (of a population) on a Portable disk and Act upon the contents!
Where is the accountability here? What about the hospital that let so much unencrypted data lying around for two thieves to download to a disk or notebook? Who designed their billing software or deployed it on insecure networks?
With the new smart programming tools like AJAX, secure VPN, it is possible to deploy applications on computers without any storage media. Certification Commission for Healthcare Information Technology should look into this as a standard. We need to move beyond Health Level 7. Interoperability should be combined with high level encryption whenever data moves from computer to computer. Biometric login must become the norm. Subliminal warnings that stealing data "Could land you in Alcatraz" might help! Unfortunately, small medical offices are not immune to these kind of disasters. A typical doctor's office has thousands of patient files with not only medical information, but also lots of personal and financial data. EMR enthusiasts really need to look into health data encryption very seriously before wildly pushing this technology into every medical office in this country.
Narayanachar Murali, M.D., F.A.C.P., F.A.C.G.Gastroenterology Associates of OrangeburgDigestive Endoscopy CenterOrangeburg, S.C.To submit a letter to YOUR
VIEWS, click here
. Please include your name, title and hometown.