{"id":33,"date":"2019-10-04T23:31:12","date_gmt":"2019-10-04T22:31:12","guid":{"rendered":"http:\/\/privatemail.com\/blog\/?p=33"},"modified":"2019-10-04T23:31:13","modified_gmt":"2019-10-04T22:31:13","slug":"millions-of-americans-x-rays-mris-and-ct-scans-are-freely-available-online","status":"publish","type":"post","link":"https:\/\/privatemail.com\/blog\/millions-of-americans-x-rays-mris-and-ct-scans-are-freely-available-online\/","title":{"rendered":"Millions of Americans\u2019 X-Rays, MRIs, and CT Scans are Freely Available Online"},"content":{"rendered":"\n<p>It seems shocking that millions of Americans\u2019 private\nmedical records are free and easy to access online. What\u2019s more terrifying is\nthat it shouldn\u2019t be shocking. Experts have been warning the people storing\nthis data for years that their storage methods weren\u2019t at all secure, but no\naction was taken on their part. Now, nearly anyone can look at your MRI with\nminimal effort. <\/p>\n\n\n\n<p><strong>Here\u2019s\nHow Your Information Leaked<\/strong><\/p>\n\n\n\n<p>Over 5 million medical patients in the United States (and\nmillions more in other countries) have been put at risk by care providers that\nstore and transmit medical imaging and reports. It\u2019s not unusual for a medical\npractice to digitally store this information \u2013 they need to be able to keep an\naccurate record of their patients and also to be able to send relevant\ninformation to the patient\u2019s other care providers. What\u2019s unusual is that 187\nof these medical storage servers aren\u2019t even password protected.<\/p>\n\n\n\n<p>Anyone who wanted to look at someone else\u2019s medical\ninformation would only need to know what to type into their web browser. When\nthey reached the website, nothing would stop them from accessing every single\nrecord on that server. This isn\u2019t even a data breach \u2013 the data was never\nsecured in the first place. 
It\u2019s always been out there for anyone to peruse and\nuse as they see fit. <\/p>\n\n\n\n<p><strong>What is\nHIPAA and How Does This Violate HIPAA?<\/strong><\/p>\n\n\n\n<p>HIPAA is an abbreviation for Health Insurance Portability\nand Accountability Act, a measure passed by Congress in 1996. HIPAA is designed\nto do several things, but most importantly, it requires that all protected\nhealth information be handled confidentially. HIPAA is the reason why the\nhospital won\u2019t tell you things on the phone, especially if a friend or loved\none hasn\u2019t listed you as a contact. You need to be there, in person, and\nhave the person involved express consent for you to be informed of their\nmedical status unless you are their next of kin or immediate family member.<\/p>\n\n\n\n<p>It can easily be argued that storing medical imaging and\npatient information on unsecured servers that can be remotely accessed by\nanyone is not compliant with HIPAA. The problem is that there are nearly 200 of\nthese servers, and there\u2019s nothing in place to enforce compliance or to hold\nthe individuals responsible accountable for the loss of confidentiality of\nmedical data. <\/p>\n\n\n\n<p><strong>The\nMedical Industry\u2019s Lackluster Attitude Surrounding Security <\/strong><\/p>\n\n\n\n<p>Many medical professionals view security as a \u201cdo it\nyourself\u201d project, according to Massachusetts General Hospital\u2019s director of\nanalytics in radiology, Oleg Pianykh. Hospitals are best at medicine \u2013 they aren\u2019t\ncybersecurity experts. While many hospitals have some kind of network leader or\nIT support specialist, they don\u2019t have much of a plan in place to keep medical\ndata safe.<\/p>\n\n\n\n<p>Some hospitals outsource to private data storage firms that\nspecialize in highly secure solutions. Other medical care providers attempt to\ndo things themselves without a fundamental understanding of security. 
There is\ntechnically an official security standard in place, overseen by the Medical Imaging\n&amp; Technology Alliance. This organization does not actually provide security\nsolutions, making it harder for medical care providers to know where to begin.\nA lack of ready-to-go solutions makes it difficult for people who aren\u2019t in the\nbusiness of cybersecurity to understand and adopt the standards necessary for\nfull patient privacy. <\/p>\n\n\n\n<p>The Medical Imaging &amp; Technology Alliance is slightly\ncryptic about what security means and how to securely transmit information. Their\nresponse (or lack of response) to the findings that most data wasn\u2019t secure at\nall was troubling. They seemed to be happy to accept whatever was going on, no\nmatter what it was.<\/p>\n\n\n\n<p><strong>Keep\nYourself Safe <\/strong><\/p>\n\n\n\n<p>The way medical data is handled is absolutely unacceptable.\nYour medical data is of the utmost importance \u2013 it\u2019s ten times more personal\nthan your tweets or your Instagram story, and the medical industry is treating\nit with far less respect. This is unacceptable and against HIPAA regulations,\nyet no one of authority seems to be pushing for mandatory higher security\nstandards. The American public should be outraged.<\/p>\n\n\n\n<p>If you need to digitally exchange medical information with a\ncare provider, we suggest that you use PrivateMail Files. PrivateMail Files\u2019s\ncloud storage is HIPAA compliant and end-to-end encrypted. Only your doctor will\nbe able to receive your X-Rays, MRI, CAT scan, or other medical documents you\nchoose to send. PrivateMail Files business plans offer 100GB cloud storage that\nfeatures AES256 encryption and easy-to-use file sync apps for any operating\nsystem. <\/p>\n","protected":false},"excerpt":{"rendered":"<p>It seems shocking that millions of Americans\u2019 private medical records are free and easy to access online. 
What\u2019s more terrifying is that it shouldn\u2019t be shocking. Experts have been warning the people storing this data for years that their storage methods weren\u2019t at all secure, but no action was taken on their part. Now, nearly [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":34,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":[],"categories":[2],"tags":[15],"_links":{"self":[{"href":"https:\/\/privatemail.com\/blog\/wp-json\/wp\/v2\/posts\/33"}],"collection":[{"href":"https:\/\/privatemail.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/privatemail.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/privatemail.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/privatemail.com\/blog\/wp-json\/wp\/v2\/comments?post=33"}],"version-history":[{"count":1,"href":"https:\/\/privatemail.com\/blog\/wp-json\/wp\/v2\/posts\/33\/revisions"}],"predecessor-version":[{"id":35,"href":"https:\/\/privatemail.com\/blog\/wp-json\/wp\/v2\/posts\/33\/revisions\/35"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/privatemail.com\/blog\/wp-json\/wp\/v2\/media\/34"}],"wp:attachment":[{"href":"https:\/\/privatemail.com\/blog\/wp-json\/wp\/v2\/media?parent=33"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/privatemail.com\/blog\/wp-json\/wp\/v2\/categories?post=33"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/privatemail.com\/blog\/wp-json\/wp\/v2\/tags?post=33"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}