Continuing Medical Education News

How secure are your electronic medical records?

Thursday Sep 3, 2015

The shift to electronic medical records has some experts questioning the security of the new systems.

The federal Affordable Care Act — also known as Obamacare — provides incentives to shift medical records from paper to electronic. According to the Centers for Disease Control and Prevention, in 2013, “78% of office-based physicians used any type of electronic health record (EHR) system, up from 18% in 2001."

In a 2012 study, the Ponemon Institute — a Michigan-based research center dedicated to privacy, data protection and information security policy — surveyed 80 health care organizations and found that 94 percent reported having at least one data breach in the past two years, while the average number of breaches was four.

The study estimated that the average data breach compromised nearly 3,000 records and that the average economic impact of a breach is $2.4 million.

The study cited the top three causes of a breach as lost or stolen computing devices, employee mistakes and “third party snafus."

That was the case in Indiana. There, the U.S. Department of Health and Human Services' Office for Civil Rights settled with Cancer Care Group, P.C., a radiation oncology group, for $750,000 to “settle potential violations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA)."

A press release from HHS said that “names, addresses, dates of birth, Social Security numbers, insurance information and clinical information of approximately 55,000 current and former Cancer Care patients" were compromised after a laptop was stolen from an employee's car.

There are other ways that personal health information can be compromised, unintentionally.

“Just think of all the different places where your health care information may eventually end up. It's not secure. You should assume that at this point," said Jim VanderMey.

The innovation officer for Open Systems Technology, VanderMey has been studying health care and its technology for about 30 years.

“The information is spread across so many places and people," he said. “Your providers, your pharmacist, the website you posted your information to, your Facebook updates, your family members who are asking them to pray for them at church."

VanderMey also pointed out that people not only provide their information in many places, but that people also access it from many different places, like computers, cellphones and tablets.

The Office of the National Coordinator for Health Information Technology quoted information saying that 85 percent of U.S. adults have a cellphone, one fifth of all smartphone users have downloaded a health app and half of smartphone users “seek health information from their mobile devices."

VanderMey pointed to the Office of National Coordinator for Health Information Technology's website,, for tips on how to keep your information as safe as possible. They include creating a strong password and updating it often, not sharing your password with anyone, and thinking before you post about health issues on social media.

VanderMey said the nature of health information — that it has to be accessible to many different people — means it likely can't be 100 percent secure.

“We have this tension in our society about wanting doctors to know everything about us, wanting to know everything about us to provide care, but then having this tension with privacy as well," VanderMey said.