Politico: massive hacking of health records imminent

Politico is a website (and if you’re in Foggy Bottom-ville, a magazine) much beloved by the ‘inside government’ crowd and the media ‘chattering classes’. With some aspirations to be like Private Eye but without the leavening sharp satire, the fact that they’ve turned their attention to–gasp!–the potential hackathon that is health records is amazing. They mention all the right sources: Ponemon, HIMSS, the American Medical Association, BitSight, AHIMA. In fact, the article itself may be a leading indicator that the governmental classes might actually do something about it. This Editor applauds Politico for jumping on our battered Conestoga wagon with the other Grizzled Pioneers. We’ve only been whinging on about data breaches and security since 2010 and their researchers could benefit from our back file.

And speaking of 2010, the Department of Health & Human Services (HHS) is doing its part to close the budget deficit by collecting data breach fines–$10 million in the past year. A goodly chunk will be coming from New York-Presbyterian Hospital/Columbia University Medical Center: $4.8 million for a 6,800-person breach (iHealthBeat) where sensitive records showed up online, readily available to search engines. And yes, we covered this back on 29 Sept 2010 when breaches were new and hushed up. Politico: Big cyber hack of health records is ‘only a matter of time’

Oddly, there is nary a mention of Healthcare.gov.

Before you go for that mhealth app, read this

This common-sense six-page guide to consumer mHealth apps, which are proliferating like dandelions on spring lawns, is free, fairly simple and put together by a trusted source–The American Health Information Management Association (AHIMA). Its emphasis is on defining what an app is, how to select the best one for you and–being that it’s AHIMA–securing your private data, particularly taking some care to read the app’s privacy policy. One hopes that they will get the word out through consumer and privacy channels, not just to the HIT and IT security types who read HealthITSecurity. MyPHR/Mobile Health Apps 101: A Primer for Consumers