How insecure our personal data is!

One of my daughters worked for the largest privately held medical records companies in the world, a year or two ago the held a 25% market share here in the US and they are rapidly expanding in all the English speaking countries and Europe. I suspect that with the Obamacare digital record initiative they are probably doing better.

My kid was employed in the implementation troubleshooting unit, at any facility they serviced she had the ability to access every and any record in the system. They often accessed private information in a live setting to try to work out/around glitches that occurred. All of this is perfectly legal under HIPPA; there is an internal audit trail of who accesses what record under exactly what circumstances. The problem is that is all after the fact stuff, and you can't un-ring that bell! There is virtually no way to prevent an intentional breach of client confidentiality by the people that have access to the system, and there are many, many people who have access to the system and numerous levels, particularly in today’s health care environment, most facilities are part of a network, collaborative, or management umbrella organization. It is not unusual for three, four or more hospitals, a couple dozen clinics, and a couple hundred physician offices to be completely connected through a private network with thousands of nodes simultaneously connected to the internet.

There are IT workers with access at every organizational level. In a hospital the IT guys get dozens of calls like, Look at this it doing this and it’s supposed to be that. And every patient has probably 10 different medical record modules within which there is personal data, billing, pharmacy, out patient, doctor office, imaging, testing, qualitative care, it goes on and on.

And that’s not even mentioning the multitude of actual healthcare providers that access the personal data!