Privacy Advocates Concerned by San Jose Medical Group Computer Theft
The March 28 theft of two computers containing the personal information of 185,000 patients from the San Jose Medical Group has caused "privacy advocates to worry that th[e] case ... will make people afraid to get the medical care they need," the San Jose Mercury News reports.
The computers contained billing information, including names, addresses, Social Security numbers and confidential medical information. Dean Didech, CMO for SJMC, said no actual medical records were stored on the computers. SJMC primarily uses paper files for medical records, and the group's few electronic medical records are stored on a server in Chicago, he said.
San Jose police are investigating the case.
Emily Stewart, a policy analyst for the not-for-profit Health Privacy Project in Washington, D.C., said the case "has a devastating impact on the way people seek health care." In a 1999 survey, one in six people were so concerned over personal information leaks that they withheld information from their doctors, switched doctors frequently to avoid having all their records in one file or paid cash to avoid dealing with insurance companies, she said.
"Even if they don't lose their job or have some stigmatizing information in there, people feel violated because it's such personal information," Stewart said.
"The biggest concern in most cases is identity theft," the Mercury News reports. Under California law, medical plans in July will be required to stop printing Social Security numbers on cards and in other places where they could be publicly viewed.
"In the electronic world, we keep track of everyone who sees that record, so we are able to enforce privacy provisions," Paul Tang, chief medical information officer for the Palo Alto Medical Foundation, said. He added that PAMF has fired employees caught viewing electronic data they were not authorized to see.
Diane Terry -- senior director of the Fraud Victim Assistance Department for TransUnion, a credit reporting agency -- said paper health charts for many years have been targeted by identity thieves because they often contain the same information requested by credit card applications (Chui, San Jose Mercury News, 4/12).
"The theft of sensitive personal data has become routine in America," and the "results can be devastating," a Mercury News editorial states. "The only reason we know about [identity theft incidents in the state] is that a California law forces institutions that suffer data breaches to notify the individuals whose personal information has been stolen," the editorial continues. Sen. Dianne Feinstein (D-Calif.) has introduced a bill that would "extend the California law across the nation, and Congress ought to put it on the fast track," the editorial states. In addition, the government should require that personal information held by institutions such as hospitals should "be encrypted," and the use of Social Security numbers should "be eliminated whenever possible," the editorial states (San Jose Mercury News, 4/12).
This is part of the California Healthline Daily Edition, a summary of health policy coverage from major news organizations. Sign up for an email subscription.