Let the patient beware: Data breach prompts warning

Medical records, birth dates and Social Security numbers of more than 70,000 people were compromised when a computer flash drive was stolen from Philadelphia’s Family Planning Council late last year. The council just publicized the theft this month.

Last summer, a lap top containing data from more than 20,000 patients was stolen from Thomas Jefferson University Hospital.

Ross Koppel of the University of Pennsylvania studies health-care information technology. As more providers are digitizing records, he said more breaches are occurring. And he worries that this threat could have an impact on the doctor-patient relationship.

“The only way we can treat patients is by having them open up to us, and if they are worried about access to their data by unintended receivers, then we are in a terrible dilemma,” said Koppel.

While people are horrified at the thought of having their medical records stolen, Koppel said thieves are probably not interested in that part. He said they’re much more likely to use the information to gain access to bank accounts and credit cards.

Koppel said the benefits of digital records still far outweigh the downside.

Experts on data protection say consumers should become more aware of these potential threats. Mike Prusinski of LifeLock identity theft protection said that consumer protection, which varies from state to state, is insufficient.

“Unless there’s more than 1,000 people affected by a data breach, an organization isn’t even obligated to tell you that one had happened,” Prusinski said.

He recommends that patients ask medical providers how they are protecting their information.