Accessing Medical Files Over P2P Networks
Gov IT writes with this excerpt from NextGov:
"Just days after President Obama signed a law giving billions of dollars to develop electronic health records, a university technology professor submitted a paper showing that he was able to uncover tens of thousands of medical files containing names, addresses and Social Security numbers for patients seeking treatment for conditions ranging from AIDS to mental health problems. ... The basic technology that runs peer-to-peer networks inadvertently exposed the files probably without the computer user's knowledge, Johnson said. A health care worker might have loaded patient files onto a laptop, for example, and taken it home where a son or daughter could have downloaded a peer-to-peer client onto the laptop to share music."
I used to work as an IT outsourcer, and security becomes a big headache with lots of doctors. Quite often doctors like to be able to work from home, either via VPN or some other remote solution, or by just taking work home with them. Then comes the problem that most of them aren't very technically inclined and/or let their kids do whatever they want. It doesn't matter how much training or what you implement; doctors, especially those with private practices, will always find a way to mess things up and pose security risks.
The musings of just another geek and his junk.
Now they'll learn about my heart condition and, in order to reduce medical costs, decide to skip over me and give the job to someone else.
See GINA. But really the whole point of Health IT is that it's one step towards universal health care. In such a system there won't be discrimination against "pre-existing" conditions and your health history is not your employer's business.
I understand the privacy concerns, but again the goal is to make such fears of discrimination moot.
Yeah, the potential harm, if they are out to get you, outweighs the benefit of you not dying.
Where there is money to be made (or for that matter, power to be gained) they are out to get you.
Explain the part about dying.
>>>your health history is not your employer's business.
It's not their business about my IRS or SS earnings either, and yet a potential employer (CarMax) still managed to recover my annual income levels for the last 10 years, and uncovered that I was unemployed for most of 2003 ("Your income levels were near-zero that year; what happened?"). You're naive if you think your information is secure.
"I disapprove of what you say, but I will defend to the death your right to say it." - historian Evelyn Beatrice Hall
If the data is being displayed, then it is unencrypted in memory. The doctor doesn't have to do anything. An enterprising IT individual who understands the doctor's wishes to manage the data in their own way will write a tool -- perhaps even open source -- that will extract the data from memory and output to a comma separated file. Done.