Spying Technology Creates a HIPAA Nightmare

By John Commins | May 02, 2011

National Public Radio calls it a "driveway moment." It's when one of their stories is so engrossing that the listener sits in his car, in his driveway, waiting for it to finish before he goes to the house at the end of the work day commute.

The network's Marketplace program provided such a moment last week with a story on "Little Brother," and the new, powerful, ingenious, and inexpensive snooping gadgets that are available to just about anyone interested in violating your privacy.

Here are some of the frightening new snooping technologies mentioned in the piece:

  • A browser plug-in named "Firesheep" that allows snoops to monitor anyone using the wireless networks in their immediate area. The plug-in will display the name and show pictures of other surfers nearby – perhaps someone using Facebook – and allow the snoop to log in as that person. According to Marketplace, a hacker could post photos, send messages, pretty much do whatever he wants, all in someone else's name. Firesheep has been downloaded more than 1.3 million times, and its creator told NPR he did it to show how vulnerable we all are.
  • That same programmer, Eric Butler, told Marketplace he is developing a smartphone app that will let users read trip data off strangers' transit cards – right through their wallets! (Emphasis mine!)
  • A company called Flexispy allows its customers to surreptitiously load its software onto the phones of their frenemies, acquaintances, or family members. The spying then starts, by listening in on conversations or tracking people via GPS.
  • For about $1,200 you can buy what Marketplace described as "your own malicious cell phone tower," which will allow you to monitor voice transmissions, texting, even data.
  • Facial recognition programs for cell phones and other devices are becoming more sophisticated and affordable, as are tiny aerial drones with cameras attached.

Listening to all of this should arouse amazement and dread in equal parts. It's easy to see that many of these new snooping technologies could be used to monitor the conversations and other data of healthcare professionals, or tap into patient healthcare files. Now, with the advent of electronic medical records, that prospect is even more frightening.

Imagine, for example, that a famous movie star is in your hospital. Given what we know about the low scruples and financial wherewithal of the tabloid news industry (remember the Farrah Fawcett HIPAA debacle?), they could easily employ any of these strategies to steal information for some sleazy scoop. As far as I know, tabloids don't pay HIPAA fines. Hospitals do.

Hospitals are labor-intensive worksites with thousands of employees, most of whom probably own a cell phone, many of whom regularly log on to Facebook or other social media networks. The vast majority of healthcare employees are honorable people who would never willfully violate patient confidentiality. Nonetheless, given the new snooping technology, every single one of those employees represents a potential security breach that could cost your hospital thousands of dollars in HIPAA fines and untold public embarrassment.

Whatever patient identity protections your healthcare organization has installed, it's hard not to have a sneaking suspicion that the snoops will always be one step ahead in the game. Take a look at some of the devices identified by Marketplace, and imagine how they could be used against your healthcare organization.

Perhaps it's time to remind employees of this brave new world of identity theft and eavesdropping, the devices that are becoming available to just about anyone, and the dangers they pose to patients and the people and organizations who heal them.

John Commins is a content specialist and online news editor for HealthLeaders, a Simplify Compliance brand.
