Who’s Protecting My Privacy?
Kelly Stephens, Editor, 24x7
Am I the only one who feels a little uneasy when watching those OnStar global
positioning system (GPS) commercials featuring phone calls with real customers? In one,
there’s simply a black screen with subtitling. You hear a man on the phone telling a
female OnStar representative that he has locked his keys and his dog inside his car.
Within seconds, the OnStar rep calmly tells him that his car is now unlocked. Just like
that. He proceeds to thank her profusely and sounds pleased that OnStar saved the day and
freed his dog.
Don’t get me wrong: I’m happy for the man and his dog. But my mind
immediately races with questions. Who is this woman, and where is she? New York? India?
Down the street in an unmarked van?
Can she unlock my car whenever she likes? What other information does she have about
me, and how is it being shared? What precautions are being taken to ensure my privacy?
I suppose the same sorts of questions can be asked of supermarkets and health care
facilities. My doctors—and the computers and medical equipment they use—know all
my history. How is that information being protected?
To find out about OnStar’s privacy safeguards, I visited the company’s Web
site. There, I was assured that the company “implements and maintains technical,
physical, and administrative safeguards to help protect the security and confidentiality
of customer information in OnStar's possession from theft, loss, misuse, improper
distribution, or alteration.”
As for the security of my medical information, part of that responsibility may fall to
biomeds. The final security rule of the Health Insurance Portability and Accountability
Act of 1996 (HIPAA) goes into effect this April. The rule seeks to ensure the
confidentiality, integrity, and availability of electronic protected health information
(ePHI), such as name, birth date, and account number.
24x7 editorial advisory board member Matthew Baretich, PE, PhD, says hospital
biomedical and clinical engineering departments may play an active role in determining
which equipment creates, receives, maintains, or submits ePHI. Also, evaluating equipment
for HIPAA compliance will most likely become part of the equipment acquisition process, he
says. For help in that area, the Healthcare Information and Management Systems Society
(HIMSS) and several other industry organizations have developed a form that allows
manufacturers to provide model-specific information on a device’s capability to
transmit or maintain ePHI.
As editor of 24x7, I will do all I can to keep you up to date on the latest HIPAA
happenings. Look for last-minute compliance advice from industry experts in upcoming
issues. With your help, I’ll be able to rest easy knowing that my medical
information, at least, is safe out in cyberspace.
kstephens@medpubs.com
Resources
