The problem is that the people who have legitimate access to your data don’t really care about it enough to adequately protect it, despite all the legislation, lawsuits, and news stories that should make them more careful. This is bad enough when it comes to personal identifying information, the theft of which can wreak havoc on your financial well-being. But medical records are even more sensitive, even more personal than your bank account numbers, and can put at risk your entire life, not just your financial life.
Think for a moment about what happened in San Antonio. The medical information of literally millions of people who have sacrificed a great deal to protect this nation was potentially exposed because a contractor decided that it was no big deal to transport such precious cargo in a private car under the watchful eye of an employee—as opposed to an armored vehicle with armed guards, or a secured encrypted data feed.
Of course, the breach was accompanied by the usual assurances—the data isn’t so easy to access, the thief likely didn’t know what he was stealing, etc. However, the fact remains that that information can be used by a number of categories of unscrupulous actors, against the people that we as a society are probably most interested in protecting. Unfeeling employers, disgruntled spouses, thieves of every description, and even those with bad intentions toward the country, as opposed to any individual, could create serious mayhem if they got their hands on it and figured out how to access it. And, make no mistake, with stakes that high there are a significant number of people who would make it worth someone’s while to find a way.
Identity management company Sailpoint recently commissioned a survey that produced some really scary findings. In all three countries currently undertaking a push to digitize medical records, no less than 80% of consumer respondents said they were at least concerned about the process. That rather predictable fact is not nearly as important as something else the survey uncovered: in the U.S., 20% of respondents admitted that they would steal data from their employer; in Australia that number was closer to 33%, and in the UK it was 50%! Perhaps you’ll find this more comforting: in the U.S. and Australia between four and 5% of respondents also admitted that they would sell that data for profit if they could! And in the UK, a whopping 24% of respondents admitted (perhaps eagerly admitted) that they would be happy to make money by ruining people’s lives! Ah, the Brits………
We really need to wake up fast. It would be difficult to argue against the potential benefits that accompany the digitization of medical records, but it is impossible to argue against the simple fact that once information is digitized, the assumption must be made that a great deal of data on a great many people will be easily accessible and transportable by someone who shouldn’t have it, and to someone who is willing to use it perniciously. As has been said many times before, your personal identifying information is already “out there,” and thus what you can do to protect yourself may already be a silly question. But for the most part, your medical information—perhaps the most sensitive information that there is—is still strewn on paper in hundreds of filing cabinets, and quite possibly recorded in illegible handwriting. The chaos of all that paper protects it. But once it’s digitized, its accessible to many more people, it’s centralized all in one place, and it’s probably better organized, easy to understand, and therefore easier to misuse.
Before we as a society spend more money to digitize medical information, I think it would be better to spend some stimulus money on finding ways to protect it BEFORE it’s exposed. Else, the digitization operation might be a success, but patients’ private lives will forever be endangered and exposed. Our personal medical information may be the final frontier of our personal privacy. Let us reflect upon that as we begin Protect Your Identity Week this coming Sunday.
[Featured Product: Looking for your credit report?]