Medical Information Security Policy

As information becomes more accessible and electronic data from around the world can be brought together instantly, information that might have taken months to gather is now available at the click of your mouse. This power to gather information quickly has gained particular importance in the medical field. Now a patient’s medical records can be assembled from dozens of sources, including doctors, hospitals, dentists, pharmacies and insurance companies, and amalgamated into a complete report of the patient’s medical history, a boon to medical professionals who need and use such information to diagnose and determine treatments. The rise of this capability has created the need for a comprehensive medical information security policy that will protect your right to privacy without impeding the legitimate use of the information in the health interest of the individual.

The capabilities of internet communication, such as file transfers, email, e-prescribing, and the like, have brought to the fore the question of the security of this information as it passes along internet lines. A prescription for a controlled painkiller, for instance, could be intercepted between the doctor’s office and the pharmacy, and the information it contains could be used by an addict to pose as the patient and divert the prescription to himself or herself instead. The information on the prescription could be changed before being forwarded to the pharmacist, increasing the dosage or even adding other medications to the prescription. Without an information security policy guiding this transaction, your prescription might be easily hijacked.

At a different level, the lack of a medical information security policy designed to protect the confidentiality of patient records could result in anything from a person losing a job to criminals learning who in the population is vulnerable to attack. A potential employer might decide not to hire an otherwise qualified person because that person’s intercepted medical records show he or she has HIV. The records of a paraplegic who has scheduled home care nursing tell a criminal that this patient is vulnerable and alone at certain hours of the day – a good candidate for a burglary. Without a competent medical information security policy in place to avert such possibilities, lives and property may be endangered.

The failure to keep medical information private may allow others to use that information for non-medical purposes. A malicious person might obtain a patient’s medical history and discover that this person has, at one time, undergone psychiatric treatment, let’s say, for depression. Using that information, the invader could publish that this person had received psychiatric treatment but fail to disclose the reason and, instead, suggest the person was treated for more serious mental ailments. Reputations could be destroyed, irrational enemies made, and social standings reduced, all because an adequate medical information security policy was not in place.

A medical information security policy was enacted into law by the U.S. Congress in 1966, the Health Insurance Portability and Accountability Act of 1966. The Privacy Rule in the law was amended in 2002, prohibiting any use of medical information other than medical use. It limited the amount of information that could be released, permitting only what was necessary for health care or insurance. It also required the permission of the patient for release of the information to such entities as insurers, banks, marketers, and other non-medical businesses. The penalty for violating this law is a steep 10 years in prison and a $250,000 fine.

The importance of medical information security has become greater in recent times with the advance of genetic profiling. This information, in the wrong hands, could be used to target people as potential terrorists on the basis of their genetic makeup. This and other possibilities suggest we should pay close attention to the development of medical records privacy policies in the years ahead. As critical as medical information may be for the patient’s health, its security is as critical for the person’s freedom. If we want to keep our freedom, we should take care to keep our medical information private. Know who has your medical records, where they are located, and the medical information security policy guarding them. Privacy is a right we should not give up without a fight.