With apologies to Raymond Carver, can we please define acceptable risk? Remember the early days of online commerce when everyone was afraid to use their credit cards over the Web for fear of their data being swiped? I seem to recall studies from around that time suggesting that your credit card data was just as vulnerable when a waiter took it to the back for processing after the meal. Not to trivialize either risk, but the point seemed to be "get used to handing your credit card to a relative stranger in a busy place and don't worry if you don't get it back for ten or fifteen minutes." For healthcare IT advocates, the story last week of yet another theft of a laptop containing sensitive patient information--this time in Michigan--is one of those déjà vu moments. Even though this time, as is often the case by the way, the computer was recovered and no patient data was stolen. Are patient e-records more vulnerable when they are…well, e-records? Or is this more like worrying about your online purchase while you smile at the waiter and politely wait for him to give back your credit card? I don't pretend to know the answer, but I would love to hear your thoughts on the matter. Enlighten me at [email protected]
And here's how a Detroit daily covered the story before the data was recovered.
Finally, we had another big patient e-data theft item in our previous issue.