I've had my credit card information stolen three times in less than 10 years, and chances are it will happen again.
Credit card data thieves racked up thousands of dollars in charges in the name of my wife and me in 2006 and 2010, for big-ticket items that were shipped worldwide. A much smaller theft occurred just last year.
So I can relate to the concerns raised by the millions of people who have possibly had their personal information stolen as a result of online security incidents at Target and other companies, and a major attempt to do so at Yahoo. [I also may be a part of the Target theft, according to a letter from the retailer.]
I know firsthand how having your financial information out there floating around can be distressing, but I would be even more upset if my electronic health record were stolen. Not only would they have potential access to my social security number, opening the door to full-on identity theft, but I wouldn't want people to be reading my medical record. Sure, I may have visited a dermatologist several weeks in a row back in the late 2000s, but why is my business.
Nevertheless, it doesn't appear that the Target and Yahoo data incidents are having much of a direct effect on patients' faith in electronic health records. Shafiq Rab, vice president and chief information officer for Hackensack University Medical Center, said that he hasn't heard of patients' describing concerns about the security of their medical records as a result of what happened at Target and Yahoo.
"It has made the CIOs and the CMIOs and the board and the compliance officers a little more paranoid than they were before," Rab says, but people aren't making the connection between what happened at Target and their EHR. Had there been a breach at a hospital or health system at the same time that Target was on the front page, well, then people would likely be more sensitive to security surrounding their health records, Rab says.
The bigger effect has been on the provider side, where technology experts are examining their internal protocols. "In the health care industry, only the paranoid and the intelligent survive," Rab says.
While I laughed at his joke, it holds some truth. CIOs and CMIOs should feel lucky or relieved that there wasn't a health care data incident that the public could lump in with the Target breakdown. Perhaps some will be inspired to crank up EHR security to even greater levels. Target has been hit hard by the incident and there's too much at risk for hospital and health system executives to treat information security with a light touch.