Understanding the Risks of eMRs and Internet Connectivity
E-mail, PDA data, and anything sent over an Internet connection can be read by anyone who intercepts it unless it is encrypted. Therefore, if these items are not encrypted, physicians should be careful about what they say and how they say it, especially when discussing any patient information with other providers, vendors, or managed care organizations. In addition, deleting an e-mail from your own system does not delete it from the mail server or from the computers that keep copies of that server’s data. HIPAA regulations set forth the criteria for electronically transferring patient-related data via the Internet.
Secure and Encrypt Messages and Health Information
If you want secure messages, an encryption program should be used. If a message is intercepted, its text will be scrambled to anyone other than your intended recipient. Most physicians feel encryption is too time consuming; however, programs such as Pretty Good Privacy at www.pgp.com provide easy and nearly seamless integration with e-mail and operating systems, encrypting the sensitive files while still allowing ease of communication. PGP software, developed by MIT and endorsed by HIPAA, provides privacy and strong authentication. Only the intended recipient can read the data; if the files were intercepted, they would be completely unreadable. Other programs on the market work with a private key, which is similar to a password: tell the program the name of the file you want to encrypt and the private key, and the program uses a mathematical algorithm to encrypt the file. For reference material on various encryption and security software programs, search the web under “encryption” or go to one of the following sites: www.zixit.com, www.cisco.com, www.aspencrypt.com, or www.verisign.com.
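As an added illustration of the “private key similar to a password” approach described above (example code, not from the post or from any product it names): a passphrase-based file encryption routine in Go. It assumes PBKDF2-HMAC-SHA256 with 600,000 iterations to stretch the passphrase into a key and AES-256-GCM for the encryption itself, so that an intercepted file is unreadable and a wrong passphrase or any tampering is detected rather than silently producing garbage.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"errors"
)

const saltLen, nonceLen, iters = 16, 12, 600_000 // assumed: salt, GCM nonce, PBKDF2 work factor

// aeadFor derives a 32-byte AES-256 key from the passphrase with PBKDF2-HMAC-SHA256
// (RFC 8018, one output block, slow on purpose to make guessing expensive) and wraps it in GCM.
func aeadFor(pass string, salt []byte) cipher.AEAD {
	mac := hmac.New(sha256.New, []byte(pass))
	mac.Write(salt)
	mac.Write([]byte{0, 0, 0, 1}) // big-endian block index 1
	u := mac.Sum(nil)
	key := append([]byte(nil), u...)
	for i := 1; i < iters; i++ {
		mac.Reset()
		mac.Write(u)
		u = mac.Sum(nil)
		subtle.XORBytes(key, key, u) // T = U1 ^ U2 ^ ... ^ Uc
	}
	block, _ := aes.NewCipher(key)  // 32-byte key: cannot fail
	aead, _ := cipher.NewGCM(block) // AES block size: cannot fail
	return aead
}

// Encrypt returns salt || nonce || ciphertext || tag, with a fresh random salt and nonce per file.
func Encrypt(pass string, plaintext []byte) ([]byte, error) {
	hdr := make([]byte, saltLen+nonceLen)
	if _, err := rand.Read(hdr); err != nil {
		return nil, err
	}
	return aeadFor(pass, hdr[:saltLen]).Seal(hdr, hdr[saltLen:], plaintext, nil), nil
}

// Decrypt fails closed: a wrong passphrase or any altered byte fails the GCM tag check.
func Decrypt(pass string, blob []byte) ([]byte, error) {
	if len(blob) < saltLen+nonceLen+16 {
		return nil, errors.New("ciphertext too short")
	}
	salt, nonce, ct := blob[:saltLen], blob[saltLen:saltLen+nonceLen], blob[saltLen+nonceLen:]
	return aeadFor(pass, salt).Open(nil, nonce, ct, nil)
}
```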
Assessment
In addition to encryption, the office needs a good anti-virus program designed to detect and prevent viruses, such as Norton AntiVirus at www.symantec.com or McAfee VirusScan at www.mcafee.com.
Conclusion
Your thoughts and comments on this ME-P are appreciated. Feel free to review our top-left column, and top-right sidebar materials, links, URLs and related websites, too. Then, subscribe to the ME-P. It is fast, free and secure.
Speaker: If you need a moderator or speaker for an upcoming event, Dr. David E. Marcinko; MBA – Publisher-in-Chief of the Medical Executive-Post – is available for seminar or speaking engagements. Contact: MarcinkoAdvisors@msn.com
Filed under: Book Reviews, Career Development, iMBA, Information Technology, Practice Management, Recommended Books, Sponsors | Tagged: carol s. miller, david marcinko, EHRs, EMRs, health 2.0, health data encryption, health information security, healthcare IT, HIPAA, hope hetico, internet connectivity, PDAs, www.healthdictionaryseries.com, www.medicalbusinessadvisors.com |
Encryption is not even pretty good, sorry
Let’s face it. Encryption is not the answer to the privacy problem with slippery eHRs – which can unexpectedly become bankruptcy-level patient notification problems. Patients will still demand to be notified because a significant portion of consumers do not trust encryption enough to volunteer their most private medical information. If one disregards these consumers, one is left with a collection of questionable and dangerous eHRs.
De-identification makes more sense. Like encryption, it is a compromise, but a far less expensive one. Because of its simplicity, de-ID is at least as good as software someone might gather the nerve to call “Pretty Good Encryption.”
Let me ask this: How much will encryption be worth in the public eye the first time an insurance thief cracks it by the millions? How well does encryption work to counter the intentions of a dishonest and/or disgruntled employee? Or a dishonest and/or disgruntled doctor?
Anyone want to counter one or more of my points?
Who in the audience would rather not know if your doctor fumbled your records – as long as they are encrypted?
I’ll be honest with you. I damn sure want to know. Of course, I would also expect my doctor to notify me if my de-identified records were stolen. But you know what? If records were de-ID’d, I wager that not only would very few of these records be stolen, but the majority of Americans would not really care about a breach that much – making notification significantly less of a burden (expense), and one’s professional reputation in the community would suffer far less damage.
Almost all Americans’ health records are no more exciting than dental records. If a thief of anonymous medical data somehow linked my name to a dependency on blood pressure medicine, all I can say is, “Thanks for the concern.” On the other hand, I don’t want my name anywhere near my DNA code. I certainly don’t want it written in the same language, and available from a Website in Nigeria.
Those who have issues related to their de-ID’d records could receive the attention they have the right to demand on an individual basis. Yes. It’s a compromise. But it’s not a bad one.
Here’s another advantage. De-identification would eliminate almost all celebrity snooping. By the way, Kaiser Permanente in California just got fined 250 thousand dollars for the breach of the octuplet mom’s medical information. Would that have occurred if the patient’s name were not on file? For a case of octuplets, probably. But for a celebrity with cancer? Not likely.
Any takers?
D. Kellus Pruitt; DDS
Carol and Darrell,
Johns Hopkins investigating identity theft incident
According to Anne Zieger, of FierceHealthIT, authorities are investigating the theft of patient information from Johns Hopkins Hospital, possibly by a former employee. The theft appears to have been part of a scheme to make fraudulent Virginia driver’s licenses.
http://www.fiercehealthit.com/story/johns-hopkins-investigating-identity-theft-incident/2009-05-26?utm_medium=nl&utm_source=internal
Talk about secure medical records?
Beau
So would encryption have prevented the theft? Hardly.
Dr. Darrell K. Pruitt; DDS
More on Encryption Insecurity
Do you think dental patients should be notified of data breaches, even if their identities are encrypted? Would you want to be notified if your encrypted identifiers were fumbled by a healthcare organization, Doc?
“WARNING: Using TrueCrypt is not secure.” – TrueCrypt, May 28, 2014.
http://truecrypt.sourceforge.net/
How about now?
Very few in dentistry are likely to share this news with you. It’s no joke. Without prior warning, TrueCrypt, one of the nation’s most trusted encryption services, shut down their encryption business under suspicious circumstances, vaguely blaming the end of Windows XP support – which they knew was coming months if not years ago.
Until last week, TrueCrypt’s popularity extended to dentists as well – some of whom have experienced stolen computers. Let’s say a hard drive containing a thousand or so patients’ identities was lost months ago, but since encryption is a HIPAA Safe Harbor, the TrueCrypt customer was justified in not notifying patients of the breach at that time. But now that TrueCrypt confesses that its encryption is not secure, is it not the dentist’s obligation to notify the individuals affected by the breach, as well as local media and HHS? That could cause bankruptcy.
The internet is unusually quiet about this far reaching calamity. I think the security industry is simply stunned, and virtually all Americans are still clueless about the frightening implications: Their identities might be far more vulnerable to thieves than they imagine. What’s more, the source of the vulnerability has been kept hidden from them – possibly for years.
Let me offer that de-identification is an alternative HIPAA Safe Harbor: Unavailable information is forever more secure than temporary encryption. Still too soon?
D. Kellus Pruitt DDS
A Quarter of Healthcare Workers Don’t Have Email Encryption Capabilities
DataMotion recently announced results of its third annual survey on corporate email and file transfer habits, revealing significant security risks. Here are some key findings from their healthcare respondents:
• Nearly a quarter of respondents reported they don’t have the capability to encrypt email.
• 8% said they’re permitted to use mobile devices for email.
• Of those, 31.3% cannot send and receive encrypted email from their mobile client.
• Almost 42% said they’re unaware of Direct (the secure, email-like protocol developed for healthcare).
• Of those who are aware of Direct, 42% say their organization is not using the alternative to email encryption.
Source: DataMotion, March 11, 2015
Just say NO to DNA tests
http://www.msn.com/en-us/news/us/pentagon-tells-military-personnel-not-to-use-at-home-dna-kits/ar-BBYhCiU?li=BBnb7Kz
Karen