The AP reported a couple of days ago that computers containing patients’ information were stolen from a Pennsylvania medical office. Stolen computers are nothing new. Data being taken is nothing new. But the kind of data being stolen can, of course, make all the difference in the world. In this case (as in most cases) the theft probably occurred because it was easy to do and the computers have some resale (fence) value.
While it is not known whether the computers were stolen for identity theft or just for the hardware, it’s a safe bet that none of the information on those computers was encrypted. Many computers in physicians’ offices do not have decent password protection, let alone encryption.
I will be writing an advisory article shortly about how to make sure our databases, if stolen or broken into, are not a bastion of easy-to-pick-out information. Basic encryption and information hiding techniques are not prevalent in health IT, but it’s time we started. We’d all be pleasantly surprised if our SSNs were even masked, let alone our credit card numbers or other identity markers. Let me know if you’re interested in a long article with lots of advice or just a short one with links.
Here are some of my other recent musings about health IT data security: