How Secure is Your Medical Data? | KBIA

How Secure is Your Medical Data?

Apr 15, 2015

Think about the information your doctor’s office or health insurance provider collects about you: your address, birthday and social security number. But they also have your medical history, current conditions and information about your insurance policy connected to your file.


All of this information is incredibly personal and to a hacker, it's incredibly valuable.


"Electronic healthcare records now contain a lot of that same information on a granular level," said Dr. Selva, Chief Medical Information Officer for the University of Missouri Health System. "You [could] use that data to get information about a group of patients that then you can start sending spam letters or other phishing opportunities.”

Last summer, a hack on Community Health Systems affected hospitals in Moberly and Kirksville. In February, a data breach of the health insurance company Anthem impacted almost one-third of the state. These events, and others like it, raise the question: just how secure is your medical data?


Dr. Patricial Alafaireet, Director of Applied Health Informatics at the University of Missouri, said in comparison to a lot of data, healthcare data is extremely secure.


Alafaireet said consumers might feel like there are more data breaches in the healthcare field because hospitals and insurance companies are required to disclose it.


Federal law requires providers and insurance companies to notify a patient if their information has been breached. If the breach affects more than 500 people, they have to directly notify the public and the media.


Because of these harsh consequences, Alafaireet said the healthcare community is focused on security.


“The focus shifts sometimes to meet a particular threat," Alafaireet said. "Sometimes it feels like you're plugging the holes in the dyke because there's a specific virus, there's a specific hacking attempt, etc. But overall I think the level of concern is pretty high all the time."

Selva said patients’ concerns about the security of their personal data are justified. But as different industries use more information from consumers, people will worry less about their data.

“The banking industry has made you feel more comfortable banking online. Starbucks has made you feel more comfortable just holding up your phone and they've had a direct withdrawal," Selva said.


"We're getting more comfortable with knowing that data intrusion will occur but at the same time you have to trust the companies managing that data. They're whole reputation is based upon: do they keep it secure.”

 And as we create more data about our lives, information security will continue to be an important issue. “It’s no different than prior to 9/11, we all thought we were safe on airplanes. After 9/11, well we had to amp up security but now it's something we live with," Selva said.  

"Sometimes we complain about it but the reality is we've learned to make it as easy as possible to get through the airport to the airplane. So I think it's similar that as we digitize data, we are going to know that you never want to get complacent. It's the job of the people who provide that service to make sure you feel secure.”