Complacency’s Role in Information Loss
We all know the story of the RMS Titanic, which on April 15th 1912 struck an iceberg and sank. It is not just a story of human tragedy, but one of hubris and complacency. You see the ship was deemed “unsinkable” by the designers and operators. Simply not capable of failure. As a result, all of the warnings were ignored, andthe results were catastrophic.
Embracing this lesson in the heavily regulated healthcare industry is imperative. I have a vast arsenal at my disposal; technical controls designed to secure data and repel intruders. Not a day goes by that I don’t actively try to prevent the unthinkable: a data breach.
Ten years ago, the term ‘data breach’ was rarely heard, despite the fact things were so much less secure than they are now. Nowadays, data breaches are a daily headline. What has changed? Primarily the proliferation of technology. Computers are everywhere now, data is everywhere now, and access to it is ubiquitous.
The factors that contribute to data breaches are various, but more often now it seems complacency is an underlying factor. Just as the thousands of transatlantic voyages prior to the Titanic that did not hit an iceberg contributed to the idea that it simply was not possible, so was the hundreds of times a healthcare professional left an unencrypted laptop in a car and it did not get stolen. It is a lesson that need not be learned the hard way.
Despite the long-standing laws mandating protection of healthcare information, and the broad availability of affordable encryption technologies, stories abound of lost patient information.
A poignant example of the problem, recently an Arkansas insurer was levied a $250,000 fine after an unencrypted laptop containing personal health information for 148 people was stolen from an employee's car. There is nothing unique about this incident, and nothing about this incident that wasn’t preventable.
It is hard to say whether the Titanic tragedy was truly preventable, but it is when we think the worst simply cannot happen to us that we are at our most vulnerable. New England Geriatrics is engaged in an ongoing and comprehensive effort to protect patient information. I have dedicated my career to protecting patient information, but it is not my burden, it is my passion.