According to a story from ProPublica, the computer servers that store important patient medical data are surprisingly unprotected. This lack of protection appears to be a problem around the world, and experts have been sounding the alarm for years. Anyone with rudimentary computer knowledge and a web browser could, at least in theory, access this data.
Lax Security for Medical Records
This news will certainly come across as alarming to many people. How has the medical profession failed to adopt the standard security measures that are now commonplace in government and business? Is there really so little concern for patient privacy? It would be a stretch to say that these records are vulnerable to hacking, as no real hacking knowledge would be necessary.
Impacts For Undiagnosed Rare Disease Patients
While there are some major concerns with regard to this situation, some patients may be more open to having their data and imaging records so easily accessible. Take undiagnosed patients as an example. These rare disease patients often have confounding and debilitating symptoms and have been waiting for a diagnosis for years or even decades. In desperation, some of these patients have voluntarily put their medical records on the web in the hope that someone, anyone, might be able to recognize what they have; in some instances, they have found success.
A Violation of The Law?
Nevertheless, the security concerns are very real, with some databases even leaving patients’ social security numbers almost completely unprotected. This is a real problem that in fact could be in violation of US law, as health care providers are required to maintain patients’ medical privacy. Such laws were put in place in the landmark 1996 Health Insurance Portability and Accountability Act (HIPAA).
Thankfully it doesn’t appear that anyone with ill intent has tried to access these records for personal gain, but they could definitely be used to blackmail or embarrass people. It seems like the lax security protocols surrounding patient data have become something of an open secret among medical providers. The fact of the matter is that clear security standards do exist but they simply are not being followed.
While there are some undiagnosed patients who don’t mind that their data is so easily available, the lack of security is nevertheless a major privacy concern for many people and must be promptly addressed; a patient must be allowed to consent to their data being so accessible, and there is a good chance that many do not.