Encryption for Medical Records

This week Emory Healthcare in Atlanta, Ga. was sued for over $200 million for losing 10 discs containing medical records for approximately 315,000 patients.  The class action filing sends a lightning bolt to the healthcare industry, reminding all of us of the importance of HIPAA regulations and the consequences of failed protocols.

Evidently, the missing data was not encrypted because it was associated with an outdated computer system.  Encryption would have made viewing the data more difficult.  The discs contained medical records and Social Security numbers.  Simply put, this is the Holy Grail for identity thieves and nefarious characters.

Today let us explore the challenge of preserving patients’ privacy with electronic health records.  We advise our customers that security in such systems should be enforced via encryption as well as access control.  The standard argument against such an approach is that encryption would interfere with the functionality of the system.

When the American Recovery and Reinvestment Act of 2009 was signed into law, it contained provisions authorizing the federal government to spend 19 billion dollars to digitize U.S. health records.  Moving to EMRs is important to the modernization and revamping of our healthcare system, but solving the great challenge of ensuring safety, security, and privacy of patients is equally critical.

Computerized medical records are open to potential abuses and threats.  Large amounts of sensitive healthcare information held in data centers are vulnerable to loss, leakage, or theft.  In the last few years, personal health information has been compromised because of security lapses at physician practices, hospitals, and insurance companies.


Encryption has been promoted for several years in the healthcare industry and is the most effective technology for preventing the disclosure of patients’ personal health information.  More information can be found from the Information and Privacy Commissioner’s office at www.ipc.on.ca.

In addition, to provide patients with the best care possible, physicians need to be able to use and share patient information freely and rapidly.  Technology which allows for a shift from paper-based records to electronic ones like McKesson’s Medisoft Clinical EMR can greatly enhance communications, thus improving patients’ safety to the benefit of all.

Because physicians have come to rely on mobile computing devices such as laptop computers, smartphones, and iPads, new security risks are sure to arise.

Even though some of these devices can be password protected, the personal health information that they contain is not encrypted.  If properly implemented, encryption would prevent a privacy breach in the event that a mobile device (e.g., laptop) is lost or stolen.  This would save physicians time and money by allowing them to avoid the notification requirements that are currently in place.

Doctors are responsible for ensuring that all the information in their custody or control is appropriately secured.  It is imperative that strong, preventive safeguards be used.  While encryption fulfills this requirement, it is always a good idea to contact reputable IT professionals to help in this endeavor.


Iron Comet Consulting is a McKesson Platinum certified reseller, medical IT firm and medical billing service based in Stockbridge, Georgia. Our products combine the clinical with the financial to improve workflow and revenue capture. McKesson’s Medisoft Clinical is a complete physician practice optimization solution. For more information, please visit http://www.ironcomet.com/
