I just finished reading this article from Center for Public Integrity where it talks patient data safety rules being disregarded and unenforced.
The prospect of data breaches is not merely a theoretical concern. In 2009, hospitals and insurance companies were plagued by high-profile losses of sensitive patient data. In November, the insurer Health Net announced that a portable hard drive containing medical claims of as many as 1.5 million members in Arizona, Connecticut, New Jersey, and New York had been lost or stolen. In October, a laptop containing social security numbers and other personal information of patients at the Children’s Hospital of Philadelphia was stolen from a car parked at a hospital employee’s home.
As someone who works a lot of personal data, patient data is definitely one of my major concern. However, as mentioned in the article, punishment for this lack of attention to patient data is currently not enforced. As a result, we have incidents in which portables hard drives containing patient data is stolen. (Personally I don’t think patient data should be allowed to be stored in a portable hard drive in the first place.) As EHR adoption gets more prevalent, patient data will be easier to access as they are in an electronic form. Yet, this will definitely bring data security issue into the front light.