Extortion Argument for HIT De-Identification

Posted on November 24, 2008 by Dr. David Edward Marcinko MBA MEd CMP™

A Really Scary Tale

By D. Kellus Pruitt; DDSpruitt

Upon arriving at the office early one morning recently, Dr. Smith logged on to the Internet to check her email. Among the usual pieces of junk email, one from Nigeria caught her eye. She recognized the name of one of her patients, written in bold letters. She thought, “That’s odd.” Smith opened the email to read more.

The Threat 

“I am revealing the name of your patient, who lives on Oak Street, as proof that your computer has been hacked. I have social security numbers, birthdates, insurance information … You name it, and I’ve got it. It will go on the market in 24 hours if you do not do exactly what I say …” (This is the start of price negotiations – for the first time).

The Decision 

What will Dr. Smith do? At the very best, she can hope that it’s a bluff. Nevertheless she must contact not only the FBI, but every one of her patients who are at risk of identity theft. That alone will bankrupt her practice because a large portion of her patients will never return. They will look for dentists with paper records. The very worse thing she could do is pay the ransom. In the end, how much did the bad guy risk to destroy a wonderful career, even if it was a bluff, or a devastatingly mean trick? You can relax now; this story is fiction. Here is the non-fiction.

NEWS FLASH!

“Script said the new letters were received by Express Script clients in recent days and is similar to the letter it first received. That letter included personal information on 75 people covered by Express Scripts, including birth dates, social security numbers and prescription information. The sender demanded money from the company, under the threat of exposing records of millions of patients.” – BusinessWeek [11.11.08]

More: http://www.businessweek.com/ap/financialnews/D94CVLJO0.htm

Lose the Threat 

Dentists must lose this danger or lose their computers. Let’s temporarily put aside our dreams about how wonderful technology might become and open our minds to ways to go around insurmountable obstacles instead of pretending everything is wonderful in stakeholder land. For once, let’s seriously look into de-identifying our patients’ electronic dental records already. Forget about HIPAA and inspections. Forget about AHIC Successor Inc. Forget about CCHIT, CMS and even the HHS. Forget about Newt Gingrich and the past, present and future Presidents of the American Dental Association who prefer to be irrelevant than to discuss anything bad about electronic dental records. And especially forget, with prejudice, executives of dental insurance companies who demand interoperability on their NPI-driven terms. Let’s sidestep the biggest mistake in healthcare history. It does not have to be ours.

More Info:  Dictionary of Health Information Technology and Security 

www.HealthDictionarySeries.com

Not a Fete’ Accompli 

Some leaders who have poor understanding of the modern marketplace would lead ADA members to believe that there is nothing that can be done to stop eHRs in the United States of America, no matter how expensive, dangerous and lousy stakeholder interests make them. Why; “cause I said so?”

Example:

Let me give you an example: “If we don’t participate, then who knows what will happen regarding the dental part of the eHR? eHR is on the way.” – Dr. John S. Findley, President of the ADA in “President-Elect’s Interview: Part 2,” ADA News Online (ADA members only).

More: http://adabei.com/members/resources/pubs/adanews/081006_findley.asp

If we don’t participate, Dr. Findley, dentistry will proceed with safe paper records like it has for a century or so.  I have clearly shown that far worse things could happen.  Shouldn’t we “first do no-harm” to our dental patients?  What happened to the ethics of the American Dental Association?

Stakeholder Optimism 

Even though optimistic stakeholders, hobbyists and hangers-on disagree with me, electronic dental records are not inevitable. At least they are not inevitable in the next decade or so.  They can easily become so lousy and so mistrusted by doctors and patients alike that they will set back miracles from Open Source Evidence-Based Dentistry forever. They are almost there already because of ambitious stakeholders, hobbyists and slow-moving hangers-on; like Dr. John S. Findley.

Assessment

Remember, decades ago the US was supposed to be on the metric system.  Sometimes inevitability takes so long that you might as well just forget about it.  And, the metric system even makes sense.

Conclusion

Unlike medical records which must remain secure even if de-identified, nobody, I repeat, nobody cares about breached dental histories. Physicians may have no choice. Dentists do! As always, your thoughts and comments on this Executive-Post are appreciated.

Related Information Sources:

Practice Management: http://www.springerpub.com/prod.aspx?prod_id=23759

Physician Financial Planning: http://www.jbpub.com/catalog/0763745790

Medical Risk Management: http://www.jbpub.com/catalog/9780763733421

Healthcare Organizations: www.HealthcareFinancials.com

Health Administration Terms: www.HealthDictionarySeries.com

Physician Advisors: www.CertifiedMedicalPlanner.com

Speaker: If you need a moderator or speaker for an upcoming event, Dr. David E. Marcinko; MBA – Publisher-in-Chief of the Executive-Post – is available for seminar or speaking engagements. Contact: MarcinkoAdvisors@msn.com  or Bio: www.stpub.com/pubs/authors/MARCINKO.htm

Subscribe Now: Did you like this Executive-Post, or find it helpful, interesting and informative? Want to get the latest E-Ps delivered to your email box each morning? Just subscribe using the link below. You can unsubscribe at any time. Security is assured.

Link: http://feeds.feedburner.com/HealthcareFinancialsthePostForcxos

 

Filed under: Drugs and Pharma, Health Law & Policy, Information Technology, Professional Liability | Tagged: , , , , , | 2 Comments »