Medical Spa MD is a community of 28,000+ plastic surgeons, dermatologists, & aesthetic physicians practicing cosmetic medicine worldwide. FREE Medical Spa Deals for Clinicians

About   |   Advertise   |   Press   |   Contact

Sponsors & Friends

cosmetic fillers ad

Medical Spa RX Group Buy Program.

medical spa design and advertising

Graphic Design for Medical Spas

Waiting Room Video DVD Marketing

The very best bang for your buck cosmetic marketing!
Watch demo Frontdesk waiting room videos and DVDs.

Medical Spa Training Manuals

Medical spa & laser clinic staff training manuals.

2nd MD
2nd MD - Boarded US physicians work from anywhere.
Medical Justice
Relentlessly protecting physicians from frivolous lawsuits.

More control of your income, career, and lifestyle as a physician.
Read our terms
Newest Comments

Medical Spa MD is a world-wide physician community for clinicians in skin clinics, laser centers and medspas with thousands of physician members around the world. By using this site you agree to our terms of service and fine print.

« Cyber Discrimination: A New Frontier of Liability for Healthcare Providers | Main | Symbol of Excess: Is Any Publicity Good Publicity In Medicine? »
Thursday
Apr282011

Your Medical Records Sold On Ebay?

By Pamela Wible MD

Could a complete stranger receive your echocardiogram results in the mail? Could a homeless guy in Boston end up with your labs in his shopping cart? Is it possible that your medical records were sold on eBay?

Yes. Yes. And yes.

On February 24, 2011, Massachusetts General Hospital was fined $1 million dollars by the federal government when an employee inadvertently left a stack of papers on the subway. These documents contained the protected health information of 192 patients, many with HIV/AIDS. Where did these medical records go? Nobody knows. Maybe a homeless man wandered off with the papers in his napsack.

Yesterday, while watching my nephew shoot hoops at the Y, I read the American Medical News headline: Carelessness behind many health data breaches. According to the article “practices and hospitals are more likely to experience a breach because of an employee losing a thumb drive, mobile device or stack of paper files than because they were targeted for a malicious hacking.”

Doesn’t surprise me. Every few years I get a letter from a health insurance company notifying me that a laptop was stolen with my personal information including my social security number. I’m offered a year of fraud protection; then I’m on my own. I’m assured additional protective measures have been instituted due to the unfortunate and isolated event.

When I continue to read about stolen laptops from hospitals, some right out of employees’ cars, I wonder how many of these laptops have been sold on eBay.

As I leave the YMCA, I stop by my mom’s house on the way home. She’s in the kitchen reviewing the records she just received in the mail from her cardiologist. I ask if she found “anything interesting.” She grins and proceeds to show me the echocardiogram results from some lady named Linda. Mom wonders if her records inadvertently ended up at Linda’s house.

The good news: Though the subway documents were never recovered, there’s no evidence that anyone was harmed. So far my monthly credit alerts indicate nobody has stolen my identity. And in a few days I’ll personally deliver Linda’s records back to the cardiology department at my local hospital. Linda will probably never know what happened. But if Linda does file a complaint then here’s the bad news: The Health Information Technology for Clinical Health Act of 2009 increased the possible fine to $1.5 million for every patient data breach.

I can now understand why my mom–a retired psychiatrist–shredded boxes of patient psychiatric files in her living room before burying the stuff in the backyard. Even I routinely shred confidential information for my garden. Earthworms love old medical records.

But now I have electronic records. Since upgrading my laptop to a MacBook Pro, I wonder how to discard medical files on my previous two laptops. I’ve been told by computer geeks that it’s impossible to reliabiy eradicate data. The ultimate method for hard drive disposal recommended by the Department of Defense (pg 142, section 4) is complete physical destruction after overwriting and degaussing.

So to protect my patients I’ll be heading out to Home Depot for my protective gear and sledgehammer for a weekend of pounding hard drives before smelting or pulverizing them.

I may be going overboard. I’m not sure.

But I’m thinking I’d rather buy new $89 hard drives before selling my old laptops on eBay than get slapped with a 1.5 million dollar per-patient penalty.

About: Dr. Pamela Wible Blogs at http://idealmedicalcare.org/blog/

Submit a guest post and be heard.

Reader Comments (2)

altın çilek everything sold

05.5 | Unregistered Commenterperde

Doesn’t surprise me. Every few years I get a letter from a hastane dekorasyonu health insurance company notifying me that a laptop was stolen with my personal information including my social security number. I’m offered a year of fraud protection; then I’m on my own. I’m assured additional protective measures have been instituted due to the unfortunate and isolated event.

05.5 | Unregistered Commenterdocdor

PostPost a New Comment

Enter your information below to add a new comment.
Author Email (optional):
Author URL (optional):
Post:
 
Some HTML allowed: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <code> <em> <i> <strike> <strong>

Join Medical Spa MD

captcha
MEDICAL SPA MD
Medical Spa MD

A community of dermatologists, plastic surgeons, laser clinics, & skin clinics world wide.

Medical Spa MD is a world-wide community of physicians and clinicians practicing cosmetic medicine. Please read our Terms of Service, Advertising Terms and Privacy Policy.

Copyright © 2011. All rights reserved.

LEGAL NOTICE & TERMS OF SERVICE