We've all heard, I'm sure, about the Obama administration's plans to implement a centralized electronic registry of medical information for all US residents. It's touted as being at the root of a much more efficient and effective health care system. The Recovery Act allocated an initial $19 billion - yes, that's 'b' as in 'billion'! - for the purpose, with up to $50 billion envisaged over the next five years.
Sounds good, sure - but what of the dangers? One of these has just been highlighted by a case in England.
The confidential medical records of patients treated at one of Britain’s top private hospitals have been illegally sold to undercover investigators.
Hundreds of files containing intimate details of patients’ conditions, home addresses and dates of birth are being offered for as little as £4 each.
The files were sold by two men who claimed to have gained access to the information from IT companies in India, where thousands of British medical records are sent every year to be computerised.
They supplied more than 100 records belonging to UK patients but claimed they would be able to pass on hundreds of thousands more on demand.
The revelation raises serious questions about the security of health records sent abroad. One patient affected by the security breach described it as ‘one step up from grave-robbing’.
The Information Commissioner’s Office is now looking into the allegations.
Sally Anne Poole, head of investigations at the ICO, said: ‘We are very concerned that private patients’ medical records are on sale in India. The ICO will establish the full facts and will then decide what action, if any, needs to be taken. Medical records are sensitive personal information and must be held securely.’
. . .
One of the men filmed by undercover ITV investigators, Jayesh Bagchandanai, known as Jay, ... sent more than 100 files and said they came from staff at an Indian ‘transcription’ centre where medical records are computerised.
Jay told Mr Rogers: ‘We can do really good business with these leads. These leads will give you diagnose [sic], entire diagnose of all the customers, what the customer is facing.
‘There are 17 teams or you can say team managers. The floor managers, they are working as freelancers for me and I am telling them to pull the data for me. They work for me.’
Researchers for the programme then met another man, Kunal Gargatti, who called himself ‘John’, in Mumbai. Kunal told them: ‘You have the doctor’s name, doctor’s address, doctor’s phone number. Each and every thing here.
‘I have 30,000 files to give you today, right now. I’ve around 140 diseases here. You just tell me which disease you’re looking out for – I can give you anything.’
Of 116 files bought by ITV, 100 were confirmed to be authentic and were for patients who had been treated in private hospitals, although their records did contain NHS data including referral letters from GPs.
. . .
Scanning And Data Solutions collected the paper records from doctors at the London Clinic and scanned them into computers in the UK.
However, it then sub-contracted further work on the files – which involved putting them in order on a database – to a company in Pune, India.
To do so, it put the scanned documents on to a secure internet website, where workers from the Indian company, who had signed a confidentiality agreement with Scanning And Data Solutions, accessed them using a password.
It is unclear whether any further sub-contracting took place in India. But at some point – it is not clear exactly where – the files were copied and passed to the men who hoped to sell them.
The revelations have implications for the many NHS trusts now outsourcing administrative work to India.
There's more at the link.
Think that won't happen to US health records as well? Just how much of our data entry work is already outsourced to other countries, do you think? The answer is, 'Most of it!' Any attempt to enter data on all 300-odd million US residents is certain to run into this problem - in spades. There's just too much money to be made by criminals to realistically expect it won't happen to us as well.
Yet again, the dangers of centralized, Government-controlled health care are revealed - and they're not restricted to a lesser quality and/or quantity of care.
Peter
C'mon, Peter; this can't be true. I'm sure that confidentiality agreements (especially when the records are being handled in places separated by national borders) are just as effective as restraining orders.
ReplyDeleteOh, wait...
Sobering, especially if it's true, as I've read from several sources, that much if not most of our pension, banking, and investment info is handled in India and other places overseas.
ReplyDeleteIs this case just the tip of the iceberg?
Goatroper
What is unemployment in Britain? Even their govt outsources.
ReplyDeleteMechAg94