1. Healthcare IT security- is this the first
real test?
Healthcare IT Security...
Hackers Demand $10 Million Ransom for Health Data
Washington Post - May 05, 2009
Hackers are trying to extort $10 million after breaking into a Virginia state Web site used to track
prescription drug abuse and allegedly holding the data hostage.
Comments (1)
1.
Rachel Phillips
Founder/CEO at Medrok, Inc.
The healthcare industry has been held "hostage" by their fear of exposing patient
information, reluctant and intimidated by valuable technological advances such as
on-line communications that would save our floundering system billions. When
HIPAA regulations were put in place with criminal punishments for exposing
personal patient information, healthcare providers and insurers became nearly
paralyzed by the scope of these regulations and the somewhat vague laws which
were open to "loose and misguided” interpretation. As a medical case manager, I
called a skilled nursing home to find an available lower cost bed for a hospital
patient and the skilled nursing facilities admission dept. told me that they could
not give out their available beds due to HIPAA regulations!!!??? Most certainly,
HIPAA guidelines did not include revealing vacant beds. Yet, I would sign in
through security to see hospital patients and was required to stand behind a taped
red line which was only several feet from the desk. As I waited in line, the visitors
were very audibly giving the security guard the patient’s full name, at times even
mentioning why the patient was there. It was as if they thought all sound was
stopped at that taped boundary. When I mentioned this to the security guard and
that perhaps visitors should write down the information, he showed absolutely no
interest in my observations. When I was working in the ICU and bathing a patient
behind her bedside curtain, a family came in through the unlocked ICU doors
looking for their family member, wandering around the unit and actually pulled
the curtain back observing my patient’s exposed state.. I informed the Director of
Nursing about putting a lock on the doors and it was as if she thought exposing
paper information was more important than exposing a patient's body to strangers.

2. Bottom line: HIPAA regulations require healthcare providers to protect health
information and guard the privacy of patients with constant vigilance For
negligence or willful violations, perpetrators will be prosecuted to the fullest
extent of the laws. Our healthcare system can no longer afford to be crippled by
the threat of hackers and criminals, reluctant and refusing to utilize available cost-
saving technology. In fact, available technology affords better security than paper,
faxing and phone calls. Fingerprint identification, encryption, "shelving" or in-
activating information until it is needed, cataloging patient records on micro-chips
are all higher level security measures than a "taped" line on the floor. As long as
we use careful and APPROPRIATE watchfulness to protect patient information,
we will meet and exceed the purpose of HIPAA laws. And lastly, there are
regulations about the unlawful recipients of protected patient health information
and how they might use that information for financial gain. If a hacker obtains
healthcare records and has no one to “sell” them to, there will be no point for their
criminal endeavors.