Yes, a breach of a patient's personal medical information privacy is unacceptable, but are we facing a crisis?
Patient confidentiality is not a new concept. And as long as humans are involved in medical care, it's not going to become an obsolete concept, either. But while it may seem like patient privacy protection is imperiled, it actually is improving.
We at HealthLeaders Media are reporting regularly in our daily and weekly e-newsletters about patient confidentiality breaches. Here's a recap of recent privacy infractions we've covered.
- The Virginia Department of Health Professions is contacting thousands of people who may be affected by the theft of medical and personal data stolen from a state Web site by a computer hacker who is demanding a $10 million ransom ("HealthLeaders Media Daily News & Analysis," May 14, 2009).
- CVS Caremark Corp. announced a records-shredding program after the nation's largest pharmacy chain was caught dumping unsecured patient records into trash bins outside its stores, but not before HHS and the FTC slapped CVS with a $2.25 million fine for potential breaches of millions of patient records ("HealthLeaders Media Daily News & Analysis," June 2, 2009).
- Farah Fawcett complained bitterly that her 2½-year battle with anal cancer was made more difficult when her personal medical records were accessed by at least one employee at UCLA Medical Center, who sold her records for $4,600 to the National Enquirer ("HealthLeaders Media Daily News & Analysis," May 12, 2009).
- Kaiser Permanente Bellflower Hospital in Los Angeles was assessed a $250,000 fine under a new California law because 23 employees at a number of Kaiser facilities with access to EMRs unlawfully snooped into the records of Nadya "Octomom" Suleman ("HealthLeaders Media Daily News & Analysis," May 18, 2009).
- Federal prosecutors in Miami charged an employee at Tenet Healthcare Corp.'s Palmetto General Hospital in Hialeah and an accomplice with theft of patient records and felony HIPAA violations ("HealthLeaders Media Daily News & Analysis," May 27, 2009).
Do these cases demonstrate a national crisis in patient confidentiality? No. They represent a handful of isolated but high-profile breaches. They're getting a lot of media attention not because they're commonplace, but because they're rare, and because this is a deeply personal issue that hits every reader who has a medical file. In many instances, the perpetrators are getting caught—or at least the breach is discovered—because of electronic medical records. Supporters of EMRs note that nobody knows how many paper file breaches have occurred in the past because there's no way to track them.