Reports that information on 4.5 million patients from 26 states had been hacked from more than 200 hospitals stunned consumers and the health care community yesterday, even though experts in health information technology have warned of this possibility for some time. News of the hacking incident within Community Health Systems comes as the top US official charged with overseeing the nation's health information technology (HIT) is trying to educate patients about what to expect about the use of their healthcare information.
Reports that information on 4.5 million patients from 26 states had been hacked from more than 200 hospitals stunned consumers and the health care community yesterday, even though experts in health information technology have warned of this possibility for some time.
News of the hacking incident within Community Health Systems comes as the top US official charged with overseeing the nation’s health information technology (HIT) is trying to educate patients about what to expect about the use of their healthcare information.
Karen DeSalvo, MD, National Coordinator for Health Information Technology, said that while patients expect their medical records to be confidential, most accept that information is shared as long as it leads to improvements in their health or the health of others. As Dr DeSalvo said in a recent interview with AJMCtv, many patients expect their medical records to be digitized.
“It means our responsibility, then, is that as health IT, whether we’re government, vendors, or providers, is to do everything we can to fulfill that vision for them … but only when and where they need it.”
On July 1, a report in POLITICO warned that a major hacking event involving health records was “only a matter of when,” if it had not happened already. Turns out it had, for according to a filing yesterday with the U.S. Securities and Exchange Commission, patient data was likely hacked in April and June from Tennessee-based Community Health Systems, which operates mostly rural hospitals across the United States.
According to published reports, hackers had previously attempted to steal information on hospital operations, then moved to patient data. While the criminals did not steal medical information, it doesn’t appear that’s what they wanted: instead, they stole personal data such as Social Security numbers, birth dates, and other information that would permit the creation of phony bank or credit card accounts. This data is protected under the Health Insurance Portability and Accountability Act, (HIPAA).
In her interview with AJMCtv, Dr DeSalvo discussed a security risk assessment tool currently being offered by the ONC to providers which is meant to raise awareness of patients’ expectations and knowledge of appropriate usage of electronic health records.
Patients might not grasp why another person would want their records. But a report in InfoWorld explains the value of a medical record to an uninsured person, especially one in need of an expensive medical procedure: As the report explained, an uninsured person who needs a $1 million heart transplant could pay $250 for a stolen record and a fake ID to get treatment.
This is why it is critical for patients to scrutinize bills, in case they appear to be billed for procedures they did not receive. It could be a mistake, but it could be fraud.
Around the Web
Dr Karen DeSalvo on Sharing and Protecting Medical Information
Big Cyber Attack of Health Records ‘Only a Matter of Time’
Community Health Systems Hack Attack 4.5 Million
Why Would Chinese Hackers Want Hospital Patient Data
Kaiser Permanente was hit by a data breach in mid-April, impacting 13.4 million health plan members; GlaxoSmithKline (GSK) sued Pfizer and BioNTech for allegedly infringing on its messenger RNA technology patents in the companies’ COVID-19 vaccines; the CDC announced the first-known HIV cases transmitted via cosmetic injections.
Read More
Emily Goldberg Shares Insights as a Genetic Counselor for Breast Cancer Risk Screening
October 30th 2023On this episode of Managed Care Cast, Emily Goldberg, MS, CGC, a genetic counselor at JScreen, breaks down how genetic screening for breast cancer works and why it is so important to increase awareness and education around these screening tools available to patients who may be at risk for cancer.
Listen
HOPE-CAT Can Identify Maternal Cardiovascular Risk 2 Months Earlier Than Doctors, Study Says
April 25th 2024In a retrospective study, the machine learning tool was able to screen for potential risks of cardiovascular disease nearly 60 days before the patient's medical record showed any signs of a related condition or before they were officially diagnosed or treated for it.
Read More
Examining Telehealth Uptake to Increase Equitable Care Access
January 26th 2023To mark the publication of The American Journal of Managed Care®’s 12th annual health IT issue, on this episode of Managed Care Cast, we speak with Christopher M. Whaley, PhD, health care economist at the RAND Corporation, who focuses on health economics issues, including the influence of the COVID-19 pandemic on health care delivery.
Listen