By TANIA KARAS
Few health care trends have gotten as much press of late as the mad rush into electronic health records. Physicians, driven by the promise of better care, cost savings and nearly $23 billion in new federal incentive payments, are racing to turn their scribbled medical records into digital files. Thirty-five percent of hospitals now use such systems, more than double the share two years ago, according to U.S. government figures. But for all the hype about electronic records, little attention has been paid to what some say is a serious weak spot: When those sensitive bits and bytes fall into the wrong hands, it's often patients who feel the pain.
Since 2009, there have been more than 420 security breaches involving the records of some 19 million patients, according to the U.S. Department of Health and Human Services' Office for Civil Rights. And such breaches are on the rise. A December 2011 report by the Ponemon Institute, a security-research firm, found that the frequency of data losses and thefts among health care organizations increased 32 percent over the previous year.
With studies so far focused nearly exclusively on the impact of such losses on health care providers, the cost to consumers has been largely ignored -- a fact some experts find mind-boggling. "There's more financial damage that can be created from your health insurance information than a credit card number," says Rick Kam, president of ID Experts, a data-privacy consulting firm. A medical identity thief, for example, might use a stolen insurance card to submit false claims in order to get cash back -- which can cause the real insurance holder to be saddled with a higher insurance premium, or even left on the hook for fraudulent medical bills. And unlike the case with credit cards, says Harry Rhodes, director of practice leadership for the American Health Information Management Association, there are no industry measures to limit consumer liability in medical-record fraud. Of still greater concern are the potential health consequences: If a thief uses stolen data to obtain medical care for himself, his health information is automatically merged into the electronic file, Rhodes says. The result could be grave to the original patient if he or she has a serious medication allergy or if a new medical diagnosis suddenly changes a care regimen.
Given the stakes, experts like Deven McGraw, director of the Health Privacy Project at the Center for Democracy & Technology in Washington, D.C., advise consumers to guard their health insurance cards the way they would their credit cards and to carefully review their statements of insurance benefits. Beyond that, pros say, patients should ask their doctors how sensitive data is being protected. After all, says Larry Ponemon, chairman of the Ponemon Institute, "Patients' lives depend on it."