Tuesday, February 5, 2013
Is it safe?
When I read William Goldman's book "The Marathon Man" years ago, I recall the evil Nazi dentist with drill in hand (played by Sir Laurence Olivier in the subsequent movie) hovering over the un-anesthetized Dustin Hoffman strapped to a chair asking the question: "Is it safe?" Of course, Hoffman didn't know. So when Olivier turned on the drill and Hoffman started screaming, everyone in the theater identified with his pain. I still get chills when thinking about it.
In a previous blog post here, I've described the pain I experienced when we transitioned from paper charts to electronic medical records (EMR)--certainly not as intense as having dental work without anesthesia, but agony just the same. Well, guess what! Now we're transitioning to a new EMR. In many ways, our pain level has increased from 6 out of 10 to 9 out of 10.
I interviewed Casey Quinlan, of Mighty Casey Media, a very astute commentator on healthcare in general and cancer care specifically, on This Week in Oncology last Wednesday. The "Mighty Casey" made several cogent observations on EMRs, but we really didn't address the question of security. In the December 15-16, 2012 issue of the Wall Street Journal, Ellen E. Schultz wrote an article entitled: "How Safe Are Your Medical Records?" Two pieces of legislation are cited:
The first is the Health Insurance Portability and Accountability Act (HIPAA), which "allows health-care providers to disclose medical records without a patient's consent when the information used is for treatment, payment and 'health-care operations.' Providers are supposed to exchange only relevant information, but they commonly transfer a patient's entire file, which is easier than separating the pertinent records." In the same manner, protection can be lost for psychotherapy records if they are co-mingled with other medical records.
Second is the American Recovery and Reinvestment Act of 2009 which "prohibits the unauthorized sale of medical records, requires that data be encrypted and mandates that individuals be notified of security breaches. It is too soon to say how effective these rules will be."
Drilling down to the core problem are Mat Honan's original article, "How Apple and Amazon Security Flaws Led to My Epic Hacking," and a follow-up video entitled "Mat Honan Hacked and Digitally Destroyed," in which he describes an "epic hack" that destroyed his entire digital life in one hour. Having been the victim of a phishing expedition, a minor nuisance compared to his experience, I know how it feels to have your identity stolen. After researching how and why hacking has become more problematical, Honan concludes: "The age of the password has come to an end; we just haven't realized it yet. And no one has figured out what will take its place." He continues: "The ultimate problem with the password is that it's a single point of failure, open to many avenues of attack. Two factors should be a bare minimum." This creates the dilemma that if the password is too simple and obvious, it's a no-brainer to crack; if it's too complex and obscure, the password is hard to remember. And we are advised never to write passwords down. Why am I not surprised that the most common password used is, in fact, "password," and second is "123456"?
Honan provides a helpful Dos and Don'ts list to survive the "password apocalypse":
"DON'T:
REUSE PASSWORDS. If you do, a hacker who gets just one of your accounts will own them all.
USE A DICTIONARY WORD AS YOUR PASSWORD. If you must, then string several together into a pass phrase.
USE STANDARD NUMBER SUBSTITUTIONS. Think P455wOrd is a good password? NOp3! Cracking tools now have those built in.
USE A SHORT PASSWORD--no matter how weird. Today's processing speeds mean that even passwords like "h6!r$q" are quickly crackable. Your best defense is the longest possible password.
DO:
ENABLE TWO-FACTOR AUTHENTICATION WHEN OFFERED. When you log in from a strange location, a system like this will send you a text message with a code to confirm. Yes, that can be cracked, but it's better than nothing.
GIVE BOGUS ANSWERS TO SECURITY QUESTIONS. Think of them as a secondary password. Just keep your answers memorable. My first car? Why, it was a "Camper Van Beethoven Freaking Rules."
SCRUB YOUR ONLINE PRESENCE: One of the easiest ways to hack into an account is through your e-mail and billing address information. Sites like Spokeo and WhitePages.com offer opt-out mechanisms to get your information removed from their databases.
USE A UNIQUE, SECURE EMAIL ADDRESS FOR PASSWORD RECOVERIES. If a hacker knows where your password reset goes, that's a line of attack. So create a special account you never use for communications. And make sure to choose a username that isn't tied to your name--like m****n@wired.com so it can't be easily guessed."
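The four DON'Ts in the list above can be checked mechanically, for instance when auditing the entries of a password manager. The following Python is an added example, not part of the original post or of Honan's article; the small wordlist, the 12-character threshold and the function names are assumptions chosen for illustration.

```python
import re

# Constructed sample wordlist (assumption); a real audit would load a large
# list of common and breached passwords instead.
COMMON_WORDS = {"password", "123456", "dragon", "monkey", "welcome", "letmein"}

# Standard character substitutions, mapped back to the letters they replace.
LEET = str.maketrans({"4": "a", "@": "a", "3": "e", "1": "i", "!": "i",
                      "0": "o", "5": "s", "$": "s", "7": "t"})

MIN_LENGTH = 12  # assumed policy threshold, not a figure from the post


def normalize(candidate):
    """Lower-case and undo common substitutions: 'P455wOrd' -> 'password'."""
    return candidate.lower().translate(LEET)


def screen(candidate, in_use_elsewhere):
    """Return the DON'T rules a candidate breaks; an empty list means it passes.

    in_use_elsewhere models the passwords already stored for other accounts,
    as a local password manager would see them (assumption).
    """
    problems = []
    if candidate in in_use_elsewhere:
        problems.append("reused")
    if len(candidate) < MIN_LENGTH:
        problems.append("too-short")
    lowered = candidate.lower()
    # Drop trailing digits/punctuation so 'Dragon2013!' still matches 'dragon'.
    stem = re.sub(r"[\d\W_]+$", "", lowered)
    if {lowered, normalize(lowered), normalize(stem)} & COMMON_WORDS:
        problems.append("dictionary-word")
    return problems


if __name__ == "__main__":
    for pw in ["P455wOrd", "h6!r$q", "Dragon2013!", "maple tractor violin sunset"]:
        print(repr(pw), screen(pw, set()))
```
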
So, the answer to the question: "Is it safe?" is an emphatic NO. Honan concludes that online identity verification will not be a password-based system in the future, any more than our system of personal identification will be based on photo IDs. But passwords may still be involved as just one part of a multifaceted process.
This post by Richard Just, MD, ACP Member, originally appeared at JustOncology.com, a joint publication of Richard Just, MD, aka @chemosabe1 on Twitter and Gregg Masters, MPH, aka @2healthguru on Twitter. Dr. Just has 36 years in clinical practice of hematology and medical oncology.