Health Information Exchange Featured Article

November 18, 2011

New Medical Data Breach: How Safe Are Our Health Records Really?

We’ve been told that converting our paper patient records into electronic ones is good for everyone – us, doctors, hospitals. But what if data we’ve been told are so safe really aren’t, and everything from our tonsillectomies to our sperm counts is floating around on the Internet?

According to a story by Don Thompson and Marcus Wohlsen of the AP, the information on more than 4 million patients of a major Northern California health care provider that was breached last month may be far from the only incident of its kind.

They report that over the last two years, “health care organizations have reported 364 incidents involving the loss or theft of information ranging from names and addresses to Social Security numbers and medical diagnoses on nearly 18 million patients — equivalent to the population of Florida.”

Pretty scary. Just last month, a thief broke into Sacramento-based Sutter Health Foundation, affiliated with Sutter Health, and stole a laptop that just happened to contain medical information on more than 4 million patients, according to Thompson and Wohlsen. 

The data on patients were protected by a password but not yet encrypted, the company said, wrote Thompson and Wohlsen. Patient records going as far back as 1995 were on the desktop computer that was stolen, they report.

"Had this data been encrypted, you and I wouldn't be having this discussion. It would be a nonissue," Beth Givens, director of the Privacy Rights Clearinghouse, a nonprofit consumer education and advocacy organization based in Sacramento, told Thompson and Wohlsen.

And it’s been going on for years. According to a story by Jay Cline at, the very first breach was reported in June 2001 when an Eli Lilly employee inadvertently leaked the names of 700 Prozac users.

But the Sutter Health breach was nowhere near the largest. Since federal health care data breach notification rules took effect in 2009, Health and Human Services records show that the U.S. military's health insurance program lost backup tapes in September containing information on almost 5 million patients, according to Reuters’ Jim Forsyth, as reported in the AP story.

Forsyth writes that the information for some 4.6 million active and retired military personnel, as well as their families, was on backup tapes from an electronic health care record used to capture and save patient data from 1992 through September 7 of this year, according to Science Applications International Corp.

Deborah DiSesa Hirsch is an award-winning health and technology writer who has worked for newspapers, magazines and IBM in her 20-year career.

Edited by Rich Steeves