Can Electronic Medical Records Be Secured?

[security curmudgeon <jericho () attrition org>]

---------- Forwarded message ----------
From: InfoSec News <alerts () infosecnews org>

http://www.informationweek.com/news/healthcare/EMR/showArticle.jhtml?articleID=221601440

By Mitch Wagner
InformationWeek
December 5, 2009

While electronic medical records promise massive opportunities for patient 
health benefits and reductions in administrative costs, the privacy and 
security risks are equally huge.

The Obama administration has set an ambitious goal--to get electronic 
medical records on file for every American by 2014. The administration is 
offering powerful incentives: $20 billion in stimulus funds as per the 
American Recovery and Reinvestment Act (ARRA) of 2009, and stiff Medicare 
penalties for healthcare providers that fail to implement EMRs after 2014.

EMRs offer tantalizing benefits: Improved efficiency via the elimination 
of tons of paper files in doctors' offices, and better medical care 
through the use of the same kinds of database and data mining technologies 
that are now routine in other industries. One example: EMR systems can 
flag symptoms and potentially harmful drug interactions that busy doctors 
might otherwise miss.

But the accompanying privacy and security threats are significant. When 
completed, the nation's EMR infrastructure will be a massive store of 
every American's most personal, private information, and a potential 
target of abuse by marketers, identity thieves, and unscrupulous employers 
and insurance companies.

[...]
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/

Get business, compliance, IT and security staff on the same page with
CREDANT Technologies: The Shortcut Guide to Understanding Data Protection
from Four Critical Perspectives. The eBook begins with considerations
important to executives and business leaders.
http://www.credant.com/campaigns/ebook-chpt-one-web.php