WikiLeaks Breach Raises Concern About Privacy of Electronic Medical Records

The embarrassing leak of a quarter-million State Department documents by WikiLeaks has recharged the debate over electronic medical records, raising concern that the government may not be capable of safeguarding Americans' most intimate health care secrets when their records go digital.

Doctors and privacy advocates alike are pointing to the havoc wreaked by WikiLeaks founder Julian Assange and allegedly Bradley Manning, the low-level Army private accused of facilitating it, in arguing that the government needs to slow down its push for digital medical records.

The Obama administration is calling for all doctors and hospitals to go digital by 2014 or, if they're in the Medicare system, face penalties starting the following year. The 2009 stimulus bill pumped billions of dollars in incentives into this effort, while this year's health care law set up more programs to encourage the use and study of digital dossiers.

The goal is to reduce costs and medical errors by making this information accessible, presumably to the right people at the right time. But as the WikiLeaks fiasco showed, the bigger the network grows the more likely it is that the wrong people can take advantage of it.

"Even the most top-secret things can't be kept secret," said Dr. Alieta Eck, who with her husband runs a clinic near Edison, N.J., for the poor and uninsured. Eck said she keeps electronic records for her office only but does not plan on meeting the new federal standards, citing concerns about how that information will be shared and how it could erode the trust she has with her patients.

"If you think WikiLeaks is bad, this is gonna be WikiLeaks on steroids," said Deborah Peel, founder of Patient Privacy Rights.

Peel, who has long expressed concerns about the digitization of medical records, said "everything from prescription records to your DNA" will soon be floating around, susceptible to hackers from the outside and troublemakers from the inside.

She cited a study from health care security firm FairWarning, which estimated that health care providers have on average between 25 and 100 privacy breaches per month -- absent the kind of monitoring system that FairWarning sells.

The Department of Health and Human Services has stressed the importance of patient privacy as it encourages medical providers to go digital. The department this year has been formulating the rules to carry out a provision from the stimulus law known as the HITECH Act, under which Medicare doctors are eligible to receive up to $44,000 over five years to establish electronic health records. According to the department, the new rules would strengthen patient protections by giving them the right to restrict certain kinds of disclosures and prohibiting the sale of certain information without their say-so.

"While health information technology will help America move its health care system forward, the privacy and security of personal health data is at the core of all our work," Health Secretary Kathleen Sebelius said in a written statement over the summer.

The Obama administration as a whole has vowed to improve data security in the wake of the WikiLeaks assault. The White House last week ordered a top-down review on how it stores classified information, while the State Department and Pentagon say they're already taking steps to prevent a repeat.

Evan Farr, a Virginia-based elder law attorney, wrote a recent blog column saying the fallout could lead to more focus on health care information security. In response to the concerns raised about the WikiLeaks document dump, he voiced confidence in the new federal safeguards and stressed the tradeoff of doctors more accurately diagnosing patients and lives being saved.

But Peel expressed concern that the government was already weakening privacy provisions included in the 2009 law.

"Once it's out, it's out," she said of patients' medical information.

If America's health care providers keep to the federal government's timeline, they will be digitizing a lot of information in a relatively brief amount of time. According to the Department of Health and Human Services, just 20 percent of doctors now use basic electronic records.

Twila Brase, president of the Citizens' Council for Health Freedom, said the WikiLeaks incident fuels doubts about the government's ability to secure a lot of that information, especially when it will be shared among untold numbers of medical facilities and government offices.

"What WikiLeaks shows you is how security information is all about the integrity of individuals," she said. "Once you get information on any kind of electronic format, it is very easy to take it, to access it, to share it, to download it."