Posted on Apr 16, 2014
What can the DoD and VA do to secure the vulnerability of medical records?
5.2K
5
11
1
1
0
http://www.armytimes.com/article/20140415/BENEFITS06/304150050/Your-medical-files-may-risk
After veteran Aaron Alexis shot and killed a dozen people at the Washington Navy Yard last September, the Air Force noted a spike in the number of personnel dipping into his electronic medical file....
After veteran Aaron Alexis shot and killed a dozen people at the Washington Navy Yard last September, the Air Force noted a spike in the number of personnel dipping into his electronic medical file....
Posted >1 y ago
Responses: 5
Some time back around Feb. I posted a video about copiers and what information can be found in them. Here is that video again:
https://www.facebook.com/photo.php?v= [login to see] 532761&set=vb.716992760&type=2&theater
This will get your attention. I will never look at a copier the same way.
(2)
(0)
SGT (Join to see)
From what it looks like in the video, organizations need to be aware of situations on where sensitive data is stored, and when the hard drives need to be wiped.
(1)
(0)
SSG Laureano Pabon
I just now got back from the VA Hospital, Had an EKG, chest x-ray and blood work done, during my roaming around I didn't notice any real violations except the copiers. Network copiers that is. As far as the OS, Windows 7 is all I seen and even then I haven't notice too much security violations considering that the Nurse whom was trying to get my records almost got locked out because she was trying to get my data. This is a good sign since it is password protected and can be locked if that entry is done wrong 3 times.
(0)
(0)
In order to maintain a sustainable, reliable and available database, every organization must attain not only people with information security skills but also people with sense of Cybersecurity awareness. In addition, every organization must commit to training their data custodians and retain only those personnel that have sense of duty of protecting the databases that is in their custody.
(1)
(0)
The DoD uses a system called AHLTA to store and document electronic medical records. This system is by no means brand new, its been around since at least 2005 when I came into the military. Most healthcare providers working in an AMEDD facilities (doctors, nurses, medics, etc.) have access to this system. With only a first and last name, and maybe a last 4 of SSN for more common names, you can pull up the records of anyone in the system. While pulling up a record does leave a trail, it won't automatically send up a red flag unless you try to access privileged portions of the record. These portions, mainly behavioral health notes and some sensitive test like HIV, can be opened by anyone with access, but will be flagged for an audit of the reasons as to why it was accessed. Access to this system is necessary for a modern clinic to function, and a heavy focus is placed on HIPPA in both training and execution of daily activities to avoid unauthorized disclosures of PHI. Are there dirtbag Soldiers out there that will do it anyways, of course, and this is true for many other areas of the military as well; these Soldiers when caught are often made examples of to deter others, and renew confidence in healthcare provider's dedication to privacy.
(1)
(0)
SGT (Join to see)
Does the DoD need to look at the ability to access any record in the system as a critical vulnerability?
(0)
(0)
SFC(P) (Join to see)
We're talking about a system that is similar in nature and necessity to e-MILPO or the finance system. I read the article you posted, we're not talking about people hacking the records, or people being able to get access that don't already have access, we're talking about misuse of the access that has been given. Access to every record could be limited, but at the end of the day, do you want to show up in an ER that can't access your records because you haven't in-processed yet, or its not your home base? This issue needs to be handled at the unit level, which I have seen done before, but apparently wasn't publicly done in the Air Force unit mentioned.
(0)
(0)
SGT (Join to see)
"The vulnerability of medical records concerns Tricare beneficiaries like retired Air Force Maj. Ken Burgess, who said his information has been compromised twice: once in a Tricare data breach and another involving a laptop theft at VA."
It's not just a simple unit issue. Think a little more holistically. Moreover, your ER example is a straw man argument. Plus, the Tech Sgt. involved in the incident was lucky to be aware of the right to ask for a HIPAA audit. I would venture to guess, many service members are not aware of it as a recourse for the possible disclosure of private healthcare information.
It's not just a simple unit issue. Think a little more holistically. Moreover, your ER example is a straw man argument. Plus, the Tech Sgt. involved in the incident was lucky to be aware of the right to ask for a HIPAA audit. I would venture to guess, many service members are not aware of it as a recourse for the possible disclosure of private healthcare information.
(0)
(0)
Read This Next