The Business Model for Hacking Electronic Health Records

Security of Electronic Health Records

I’ve been thinking lately about the security and privacy issues around patient information stored in electronic health records. No doubt the records contain personal information that should be protected, but what is the real threat? What is the value of a database of 10,000 individuals that includes their problems, medications, and lab results? Can’t really be too much value there for the hacker community. Or is there?

I interviewed Brian Ahier, one of our more astute HIT missionaries and a well-known blogger. You can download the podcast of my interview. I asked him the same question, “What would be the business model for ripping off electronic health records?” He answered with just two words, “Identity theft”. He’s right. Those records can often be mined for social security numbers, addresses, employment info, phone numbers, email addresses and who knows what else. That information has real value in the murky world of identity crimes. To make matters worse, it might be easier for these intrusions to be pulled off against health care entities rather than financial institutions. Health care records in an electronic form could be the low-hanging fruit for hackers. Now that we know the value of the electronic health record databases, the next question is obvious. How vulnerable are the systems that maintain these records?

Robert O’Harrow, investigative reporter for the Washington Post, recently completed his year-long look at this issue in his article “Health Care Sector Vulnerable to Hackers, Researchers Say”. I suggest you read the article and judge for yourself whether we have anything to worry about.

Jim Tate is founder of EMR Advocate and a nationally recognized expert on the CMS EHR Incentive Program, certified EHR technology and meaningful use. He also co-hosts MU Live!, HITECH Answers’ weekly Internet radio show on meaningful use and health IT topics. You can hear a re-broadcast of Jim’s interview with Brian, where this question on security of electronic health records came up, at 2 pm Eastern each day at www.HealthcareNOWradio.com or download the podcast.