Saturday, June 18, 2005

Privacy Identity Theft and Fraud

This week an important story broke from one of the major credit card processing centers for several major credit card companies, including VISA and Mastercard. A virus was identified in the system that seems to have possibly stolen 40 million credit card numbers. The events actually took place in May. This story brings several things to light. The processing centers are separate and distinct entitites from the credit card companies themselves, and the issuing bank. Undoubtedly the responsibility will lie with the processing centers themselves. It brings up an issue regarding EMR. Who is going to be responsible for the security of our EMRs. If there is a loss of confidentiality will the physician provider, hospital, EMR vendor, or the network proposed by many proponents of EMR being centralized and interoperability. This story certainly gives one pause as to having a centralized or even regionalized database. It makes it more plausible to have each provider group hold their own database and allow some form of access via encrypted password held by the patient.
It also gives more reason to make the patient/ consumer the owner of their records, perhaps on a memory device that they hold and bring to the provider or hospital. Of course this could be lost by the patient, but could be backed up either at home or at their own physician's office.
For those of us developing RHIOs and the National Coordinator's Office, this gives us food for thought.
Gary Levin MD


Post a Comment

<< Home