Please note that this website will be undergoing maintenance on 9/5/2010, between 12:00 AM and 3:00 AM EDT. The site may be unavailable during this time.

Heath Data Vulnerability Could Sicken You

Dartmouth study finds big potential security gaps
May 21, 2010

Heath care organizations' ongoing use of file-sharing networks has unwittingly and dangerously exposed thousands of documents containing patients' personal data, according to a Dartmouth College study.

The study, conducted by the college's Tuck School of Business, showed that peer-to-peer networks remain highly vulnerable to outside snooping, and that heath care organizations often leave patient data unwittingly vulnerable, according to a Computerworld magazine report. Despite the 2009 passage of the federal Health Information Technology for Economic and Clinical Health (HITECH) Act, which was partly intended to shore up data security, the study showed that some vulnerable documents were put onto those networks more recently.

Dartmouth Professor Eric Johnson, one of the authors of the study, said P2P networks such as Limewire, eDonkey and BearShare yielded documents that included one containing 350 megabytes of patient data for a group of anesthesiologists and another on patients at an AIDS clinic in Chicago. In a related vein, the Dallas Morning News reported that electronic health record vendors of nearly all major regional hospital systems are being criticized for sharing patient data.

The vendor that Dallas-based Tenet Healthcare Corp. uses has been criticized for sharing patient data with drug companies. Fort Worth's Cook Children's Health Care System's vendor has raised the possibility of offering physician customers discounts for sharing patient data. Officials with Texas Health Resources Inc., an Arlington-based hospital system, and Children's Medical Center Dallas said last month that patients seen at one hospital will have their records available electronically at the other if they need to be admitted.

Johnson said even more disturbing is that data was often found in unprotected spreadsheets and Microsoft Word documents, suggesting that many organizations are not adequately protecting the data. In many cases, the entities leaking the data were not even aware of the fact, he said.

"Most of the time there is a lot of disbelief and stalling that goes on," when an organization is first informed about a P2P data leak, Johnson said.

©2003-2010 Identity Theft 911, LLC. All rights reserved.

.
.