I love this post by George V. Hulme at CSO Online because it really highlights my high level of skepticism regarding all the need for worry about encrypting everything to death where electronic medical records are concerned. Yeah, yeah, yeah. I’ve heard it over and over, ad nauseam. I don’t necessarily disagree that data security is important, but just please someone name me some examples of where a nefarious miscreant was purposely trying to steal protected health information (PHI) electronically with hacking. I’m sure such documented incidents must be out there somewhere, but they don’t seem common since I’ve never heard of any actual cases. Even the strange one reported (but not really well referenced) in the above post was, okay technically crime, but not electronic at all. The criminal cited in the story was apparently trying to manually steal what sounds like a hardcopy paper file from the doctor’s home. I’ve always told my colleagues and friends, “What the bleep would anyone want with some average patient’s health information? And who’s gonna go to the level of sophisticated, tech-savvy theft to get it?”
It really seems like crazy paranoia to me to think that anyone cares about Mrs. Smith’s medication doses, whether she smokes or has a beer every now and then, or when she was last seen in the office. Come on, people, that’s not going to make anyone rich — pretty much has no street value at all on the surface. So I ask again for your assistance in throwing me a bone. Help me understand where the rubber meets the road and we really need to go crazy with overly expensive and extreme technology to avoid electronic data theft. Someone think up the next blockbuster summer movie script. “The Net III”? I’ll take crazy Sandra Bullock movies for $100, Alex.
Dr. West is an endocrinologist in private practice in Washington, DC. He completed fellowship training in Endocrinology and Metabolism at the Johns Hopkins University School of Medicine. Dr. West opened The Washington Endocrine Clinic, PLLC, as a solo practice in 2009. He can be reached at firstname.lastname@example.org.