Health information security breaches are common, fixes common sense

    When a laptop computer was stolen from Thomas Jefferson University Hospital in June, the health information for 21,000 patients was stolen along with it.

    When a laptop computer was stolen from Thomas Jefferson University Hospital in June, the health information for 21,000 patients was stolen along with it.

    Experts say patient privacy breaches have become common as more U.S. hospitals move to digitize their medical records.

    Drexel University Professor Scot Silverstein studies computer information management in the health industry.

    He says electronic records make “massive IT security breaches” possible, and he says concerns over electronic records security are valid.

    Silverstein: You can’t find many news stories about trucks pulling away and stealing a hundred thousand paper charts from a hospital. But you will find stories of hackers or computer thieves coming away with records of tens of thousands – or hundreds of thousands of people.

    The stolen laptop at Jefferson contained personal patient information in violation of the hospital policy.

    Jefferson executives notified patients and offered them identity-theft protection. They are also reviewing records security protocols.

    But Silverstein says a bigger concern is that the data was not coded to protect it from unauthorized users.

    Federal health law allows up to $50,000 in penalties for a single patient privacy violation, but experts say hospitals are rarely fined.

    Health information expert Steve Fox says hospitals can avoid public-relations headaches – and buffer patient confidence — by insuring that records are secure.

    Fox: It’s a big job to get all of the laptops you have, all of the thumb drives you have, all of the portable handheld devices — and encrypt them. There are going to be slip-ups, that’s going to happen, but every time this happens, it’s sort of a wake up call, too.

    Fox leads the information technology group for the Philadelphia law firm Post & Schell.

    Other hospitals across the region have reported similar patient-privacy breaches.

    Want a digest of WHYY’s programs, events & stories? Sign up for our weekly newsletter.

    It will take 126,000 members this year for great news and programs to thrive. Help us get to 100% of the goal.