The Anthem hack reminds us how electronic medical record security is not ready for prime time

This post has been read 2076 times!

The Anthem computer hackFebruary 5, 2015- By Steven E. Greer, MD

The large health insurance company now called Anthem, formerly known as WellPoint (which owns Blue Cross plans, adding to the confusion of nomenclature) is making national news for announcing that 80 Million members have had their personal information stolen by computer hackers. The company made great effort in the press release on the hacking to assure the public that actual details of medical records were not breached, and that “only” social security numbers and other data were hacked.

The mainstream press did nothing to question the claim that actual medical records were not stolen. I asked the company to explain why they are so certain. They did not reply to our email.

Regardless of the true extent of the violation of privacy that the Anthem data theft poses, it highlights the biggest risk to electronic medical records: the data is nowhere nearly secured enough for e-records to be rolled out on mass scale for 300 Million Americans. Most doctors are instinctively untrusting of e-records for these very concerns.

Proponents of e-records usually have large vested financial interests in promoting them. For example, former Speaker of the House, Newt Gingrich, was trying to earn a living as a consultant and lobbyist for the e-records industry and was one of the most vocal advocates. The Federal government’s own CMS, which administers Medicaid and Medicare, also has a strong financial interest in better controlling costs through e-records. However, none of the entities with financial conflicts of interest in promoting e-records seem to have the best interest of the American citizen in mind.

The computer technology used by the companies awarded contracts by CMS to run crucial websites that collect personal medical records for the new ACA (ObamaCare) law were exposed as being incapable of doing even basic tasks when the ACA went live. Many companies security experts have pointed to the security holes in the ACA insurance exchange computer system.

Electronic medical records have information on everyone’s most sensitive, and potentially embarrassing, information, ranging from sexually transmitted diseases to histories of abortion. The information can also be used to discriminate against people with certain mental diagnoses.

Computer hackers are far more advanced that even the security teams hired by the wealthiest private industries. Computer-run websites, even at the Pentagon, are decades behind the hackers. For any logical person who does not have a financial interest in promoting e-records, it would seem to be a bad idea to roll them out in mandatory fashion on a mass scale.

This entry was posted in - Federal government, - Politics, Doctors, Dentists, Op-Ed. Bookmark the permalink.

1 Response to The Anthem hack reminds us how electronic medical record security is not ready for prime time

  1. BettyK says:

    I understand that people are concerned about the hacking, which resulted in access to medical records. Some people could have sensitive information that might bring them fear of embarrassment. However, 100% of the people whose records were hacked should be concerned about access to their social security number (SSN) as this can lead to identity theft.

    SSNs can only be required when the person/company needs it for reporting financial transactions to the IRS. Many insurance companies stopped using social security numbers as the required identifier and instead have created their own method of assigning a unique identifier that they use. It is apparent that Anthem lacks regard for their clients wanting to protect their identities (since they still require people’s social security numbers) so it should not be a surprise that this lack of regard for security is apparent in other ways.

    The federal government established the Identity Theft Task Force in 2006. One of the first recommendations the task force made was decreasing the unnecessary use of Social Security numbers. Fundamentally, a social security number is only necessary if the company (e.g bank) is required to report income to the IRS. The insurer used by my employer has not used social security numbers for many years. Do ask questions if an insurance or credit card company asks for your social security number. They do not need it, the government has passed laws to discourage its use and it is just one more sensitive piece of information that you do not want lost during a hacking incident.

Leave a Reply

Your email address will not be published. Required fields are marked *