Patient data breaches and the question of trust in radiology

Late last month, it was reported that the privacy of nearly 100,000 patients was compromised after a radiologist in a Long Island radiology practice accessed information from its billing system without authorization.

That followed a case reported earlier in June in which a thumb drive containing the private information of more than 33,000 patients was stolen during a break-in at a California facility.

Of course, the healthcare system as a whole has seen a significant increase in the number of data breaches. A report by an IT security audit firm published in February determined that in 2013 the number of data breaches increased by 138 percent compared to 2012, so the problems extend far beyond radiology practices.

Yet, clearly radiology practices and imaging facilities still face security and privacy challenges. For example, a recent article in Wired pointed out that storage systems for X-rays and other images are very vulnerable to breaches because these storage units can usually be accessed without authentication.

As demonstrated by the latest examples of breaches, most are fairly simple in nature, involving lost laptops or thumb drives, or cases in which employees access patient information without authorization. But, despite the elementary nature of these breaches, privacy compliance must be a big deal for radiology groups.

"You can't just dismiss it," Raymond Geis, a radiologist with Advanced Medical Imaging Consultants and chair of the Society for Imaging Informatics in Medicine, told RSNA News earlier this year.

According to Geis, there are plenty of things radiology groups can do to better protect privacy, including:

  • Review security policies
  • Consult with health privacy experts
  • Update agreements with business associates and review and revise Notice of Privacy Practices and Breach Notification Policies
  • Hire HIPAA compliance officers

The recent data privacy breaches in New York and California certainly don't mean that there is anything fundamentally wrong with the way in which facilities are protecting their patients' data.

But, it's important to remember that the most important asset of any physician's practice is going to be the trust it receives from its patients. These incidents should remind radiology practices that they must continue to take security and privacy issues seriously in order not to lose their patients' faith. - Mike (@FierceHealthIT)