« Oracle IRM demonstration on YouTube | Main | Data breach incidents are increasing »

Is your private health information safe anymore?

By Simon Thorpe on February 6, 2009 11:47 AM

It seems that information about your health care activities just isn't safe any more. The news is being inundated with example after example of sensitive patient information being lost and stolen. Just today, in one day, i've been made aware of three incidents.

Patients’ files stolen from car at Royal Hospital

The Liverpool Echo, England, has reported that "personal details of 354 patients [of Royal Liverpool University Hospital] waiting for kidney transplants were stolen from the back of a car... It contained names, addresses, dates of birth and contact details as well as tissue and blood types." Another example of a good reason to employ a technology such as IRM to control the ability to print documents containing sensitive information.

One dialysis patient whose details were lost told the ECHO: “Obviously I was amazed that our details were going around on a paper copy. They should have been on an encrypted laptop." Actually, even storing the document on an encrypted laptop (hard disk, OS, device) wouldn't have prevented them from printing the copy.

Hospital bosses said it was essential transplant team members carried the information, which I agree with. But you should never forfeit this usability with security. Oracle IRM can provide both, ensuring that doctors can travel with the IRM protected content so that they can open the information whilst on the move and without access to the network but still retaining control of the information if the laptop or storage device is lost.

MOST importantly, DON'T let them print this sensitive information in the first place!

Information Commissioner hits another NHS Trust after data breaches

Days after the information commissioner launched an initiative called the Personal Information Promise, they have hit Brent Teaching Primary Care Trust with enforcement action requiring that they will encrypt all data in future and improve security in line with the Data Protection Act.

This is after,"... two laptops were stolen containing the personal information of 389 patients. The laptops were stored in a locked office, but were left out on a desk in breach of the PCT’s own security procedures. What's more, the laptops were not encrypted and contained sensitive information, including health details relating to some patients. "

Mick Gorrill, assistant commissioner at the ICO goes on to say; "I am increasingly concerned about the way some NHS organisations are transferring sensitive records onto laptops and other mobile devices that are not encrypted. Organisations need to ensure they implement appropriate safeguards to ensure personal details about patients are processed securely.”

I bet millions of NHS patients also share your concern Mick :)

Catskill Regional Medical Center says worker peeked at patient files

A Catskill Regional Medical Center employee was fired Thursday for looking at the files of 431 patients without authorization.

recordonline.com reports that, "The 10-year employee was working in medical records at the time of the violations and had ready access to the files, but a routine audit determined she was looking at files she had no reason to be in, including those of acquaintances and neighbors, said hospital CEO Steve Ruwoldt. "I think she was just curious," he said. "She was nosy."

Well good news that the medical center was able to audit and gain evidence of this breach. Not good news for the employee of course! I'm not aware what format the patient data was stored in, but Oracle IRM would have helped both the center in ensuring any documents containing such data could be secured from illegitimate access as well as stopping this particular employee from have a "quick nose" at the information, and it may have well saved her job.

People are curious and if the controls are not there to protect the information, its human nature to take a "sneaky peek". I'm sure she is regretting her actions and this raises an interesting point about using IRM. There is real benefit to the end user. If the organisation can correctly protect the content then they can be safe in the knowledge that they can only open content they should legitimately get access to, even if moments of weakness do occur.

Tags:

AddThis Social Bookmark Button

Post a comment

(If you haven't left a comment here before, you may need to be approved by the site owner before your comment will appear. Until then, it won't appear on the entry. Thanks for waiting.)

Oracle IRM resources

IRM at oracle.com
Online demonstration
Oracle MIX group
Downloads on OTN
Technical white paper
Business white paper
More...

Want to evaluate how Oracle IRM works? Please contact us and we can quickly setup you up with a hosted evaluation.

Search All Blogs

About This Entry

This page contains a single entry from the blog posted on February 6, 2009 11:47 AM.

The previous post in this blog was Oracle IRM demonstration on YouTube.

The next post in this blog is Data breach incidents are increasing.

Many more can be found on the main index page or by looking through the archives.

Top Tags

RSS

Subscribe to this blog's feed
Powered by
Movable Type and Oracle