Privacy Breaches in Healthcare - An International and Growing Concern

Healthcare providers around the world have been struggling to manage the legal risks and liabilities arising from patient privacy breaches in an ever-changing technological landscape. In the UK, the Information Commissioner’s Office (ICO) estimates that the National Health Service, the public healthcare provider, was responsible for over 600 breaches of the Information Act during the last four years. The ICO attributes a significant number of the breaches to the reliance on outdated IT systems, and the breaches have had serious consequences. In April 2010, the NHS Organ Donor Registry falsely recorded the wishes of 440,000 people concerning the post mortem use of their organs. As a result of the error, body parts had been taken without consent from 25 people who had died. Other examples include the accidental disclosure of a complaint a patient’s cancer diagnosis by fax to the wrong recipient and the accidental destruction of over 10,000 patient records. In New York State, Government and health officials have recently formed a committee - the Statewide Health Information Network – New York (SHIN-NY) to harmonize healthcare privacy practices with State laws. A recent report revealed that health care providers do not require staff to obtain a patient’s consent to share personal information prior to treatment, a violation of New York’s public health law. Members of SHIN-NY anticipate that such gaps, if left unresolved, will create enormous liabilities for healthcare providers as they migrate to widespread information exchange systems, where patient information is disseminated on a much wider scale. In Sonoma County, California, plaintiff Deanna DeBaeke discovered that her personal information obtained by the St Joseph hospital system, including her height, weight, smoking history, blood pressure, and treatment dates could be revealed by simply performing a Google Internet search. Over 30,000 patients were affected by the same flaw in the hospital’s IT system. As a result, the hospital is facing three class action lawsuits. Although the shift towards decentralized medical information systems will yield great benefits for both patients and health care providers, the potential risks for information leaks are also great. For a link to an article discussing privacy breaches in the UK, visit: http://tinyurl.com/76yy74w For a link to an article discussing the development in New York State, see: http://tinyurl.com/6o6jhvj For a link to an article concerning the class action lawsuit in California, visit: http://tinyurl.com/bsvhelx Summary by: Darren Hall