The Hacker News (a first mention) named the top international ‘smart cities’ most suspect to a chaos-making cyber attack, in rank order: Santander, Spain (!); New York City; Aguas De Sao Pedro, Brazil (?); Songdo, ROK; Tokyo; Hong Kong and Arlington county, Virginia (adjacent to Washington DC), noting security systems, transit, (more…)
Confirmation that your Editors (including Founder Steve) are no longer Voices Crying In The Wilderness on health data insecurity came this weekend on the front page (print) of The Wall Street Journal. It concentrated less on the profit of stolen PHI–$50 per record on average versus $7 for a credit card, according to Ponemon Institute–than on the horror of the 2.3 million individuals suddenly finding out that hospitalizations, procedures and prescriptions in their name were being used by others, leaving them with the bill and unable to clear both their financials and their health records.
EHRs are treasure troves of health and financial information. Unlike credit card theft, there’s no warning–and no limits. Providers and insurance companies put the onus on the person with the stolen data. There is no healthcare equivalent of the Fair Credit Billing Act (FCBA) and the Fair Credit Reporting Act (FCRA), which since 1974 and 1970 respectively have limited the individual impact of fraudulent credit card charges.
Consumer security programs like LifeLock are not particularly effective in proactive notification. In other words, you’re stuck. You may run through your benefits and then be responsible for the bills. Second, you may never get the bad information and diagnoses out of the supposedly accessible health record because of privacy laws, especially if you are a caregiver.
Victims sometimes only find out when they get a bill or a call from a debt collector. They can wind up with the thief’s health data folded into their own medical charts. A patient’s record may show she has diabetes when she doesn’t, say, or list a blood type that isn’t hers—errors that can lead to dangerous diagnoses or treatments.
Adding insult to injury, a victim often can’t fully examine his own records because the thief’s health data, now folded into his, are protected by medical-privacy laws. And hospitals sometimes continue to hound victims for payments they didn’t incur.
According to Ponemon, “65% of victims reported they spent an average of $13,500 to restore credit, pay health-care providers for fraudulent claims and correct inaccuracies in their health records.”
Very rarely does this Editor look for a Federal remedy to a problem, (more…)