A psychiatrist based in Portland, Oregon is publicizing a data breach in order to alert patients. While I’ve got to applaud the doctor’s attempts to reach all of his patients in any way possible, I can’t help but think how much easier life would have been — for him and for his patients — if he had used laptop encryption software like AlertBoot to protect his patients’ data.
In fact, private practitioners of medicine probably have the most reasons for opting to encrypt their patient data.
Dr. David Turner appears to have issued a press release in order to contact his patients and alert them to a data breach that took place in October 2011. Not much has been revealed except that:
480 current and former patients are affected
A laptop and other items were stolen from Dr. Turner’s office in October of last year
ID theft protection is being offered (only 48 have signed up)
Some patients’ SSNs were stored in the computer
Dr. Turner wasn’t able to reach everyone by mail; in fact “many” of them couldn’t be reached this way
The sign-up rate for ID protection is kind of astounding. If 48 have signed up, that means that 10% of those affected have opted to take the offer. The last time I checked, a breached company’s offer had been taken up by less than 5% of affected clients; I don’t recall this company being in the medical field, though.
(In fact, the 48 people who did sign up actually represent more than 10% because not all of those affected know of the issue. Assuming that only 240 of the 480 were successfully contacted, the sign-up rate would be 20%.)
The Longer You Practice, The Greater The Eventual Breach
When it comes to data breaches, individual practitioners of medicine really ought to secure their patient data with encryption software. The reasons for doing so are many, but chief among them is the fact that the nature of the profession — helping people get better — means that potential data breaches grow larger over time, on average. In fact, the more successful a doctor, the greater the risks from a data breach. Why? Because success correlates with more people being helped, which means more data to protect.
After all, patient data isn’t chucked out after the medical issues are resolved: generally, it’s kept as a permanent record. So, while the risk of a data breach might remain constant year over year (say, 0.1% any given year), chances are that it will involve more patients with the passage of time.
In other words, the cumulative number of patients treated goes up annually. A data breach today probably involves more people than one that took place last year, since a doctor has met new patients in that one year. Thus, the risk a breach poses increases from year to year.
When you consider this, it only makes sense to use disk encryption to protect patient data.