Dear Healthcare IT Insider,
The security of privileged information -- or lack thereof -- is seemingly omnipresent in the media. The specter of identity theft has many of us, including me, shredding personal mail at home rather than tossing it in the trash for curbside pickup. Social Security numbers are no longer given out for the asking, credit card receipts are swiftly secured, and laptops are password-protected to discourage exposure of private data.
Even as we take these steps in our personal lives, it seems that every other week brings with it the disclosure of a misstep by a professional, corporate, or government entity that results in dissemination of confidential information.
In U.S. healthcare, HIPAA is supposed to ensure the privacy and security of protected health information; likewise, Directive 95/46/EC of the European Parliament was enacted to ensure that similar care of personal data is taken in the European Union. Although these pieces of legislation are fairly specific about what is to be protected, the mechanisms of protection are largely unexplored.
That ambiguity could be a wrench in the gears when it comes to the security of transmitted medical information, argues Rocklyn Lien. Lien, a radiologic technologist and PACS administrator trainer, notes that data being transmitted is exposed to public systems and is in jeopardy of being accessed and copied by potentially malicious third-party users.
Although a facility can craft strong data security policies and implement them with a combination of physical, information technology, and logical devices, the integrity of the information it sends beyond its network is at the mercy of its arrival destination -- each and every time a message is transmitted.
The "not my problem" response of some system administrators and chief information officers to this problem won't necessarily play well when it comes to liability; even though the Electronic Communications Privacy Act of 1986 provides punishment for the illicit capture of any form of digital communication, the sender of an e-mail could potentially still be at risk of civil charges and penalties, according to Lien.
To learn more about the security considerations of transmitting digital medical information, click here. As a Healthcare IT Insider subscriber, you have access to this story before it's published for the rest of our AuntMinnie.com members at the end of the week.
Finally, if you have a comment or story to share about any aspects of healthcare IT, please get in touch with me at [email protected]. I look forward to hearing from you.