Tapes containing data on 135,000 people were lost by Johns Hopkins. Files were lost on 52,567 employees and 83,000 hospital patients. The records contained personal information (e.g. names, SSNs, medical record numbers), but no medical records. While Johns Hopkins believes the tapes were misplaced and then destroyed, this is the latest in a string of losses of personal information. Many of these losses were health and insurance related.
When will some enterprising IT organization step up and provide a common security platform for health IT data? We have PGP technology, after all. The first entrant could market hard, solicit support from state regulators and national-level players, and own the market while providing a needed services.
Here’s a partial list of health-related organizations that lost medically-related data (and it’s just for one year):
- Emory Healthcare
- Williamson Medical Center
- Marsh CS Stars (later recovered)
- California Department of Health Services
- Christus St. Joseph Hospital
- University of Florida Health Sciences Center
- Ohio State University Medical Center
- University of Tennessee Medical Center
- Keck School of Medicine at USC
It’s only a matter of time before some of this information is posted on the Internet or used in some other public way. Then all hell will break loose. Who’s going to provide the solution before that happens?