Six Lines

280,000 Missing Medical Records

Posted by Aaron Massey on 27 Oct 2010.

Last week, a Philadelphia-based healthcare organization announced that 280,000 of their medical records had been breached. The records were on a thumb drive that went missing. The thumb drive had also been used in various community health fairs.

This is not new or even particularly surprising, and I wouldn’t otherwise link to it except for this quote from an article about the event:

“That seems grossly irresponsible,” said Dr. Deborah Peel, a Texas psychiatrist who heads Patient Privacy Rights, an advocacy group.

“Why would you be hauling around private patient information to a health fair,” she said. “I can’t imagine what they were thinking, taking this data out of a locked room at company headquarters.”

Yes, it is irresponsible to lose 280,000 medical records. No one can deny that; it’s simply unacceptable. However, it’s not like they were “hauling around private patient information.” If you put 280,000 medical records on a thumb drive, the thumb drive still weighs only a few ounces. It doesn’t look any different. It doesn’t smell any different. It’s just a thumb drive.

The fact of the matter is that losing 280,000 electronic medical records is just as easy as losing your keys. If these were all paper-based records, it would be extremely hard, if not impossible, to misplace them. You would literally have to “haul them around” if you wanted to move them at all. However, if the records are stolen digitally, you might not even know that they are missing. These are pretty basic computer security facts, and everyone involved in protecting electronic information needs to understand that the rules change for digital data.