Data Hemorrhages

Popular peer-to-peer (P2P) Internet-based file sharing networks that allow users to share music and videos may also inadvertently expose America's health care patients, providers, and payers to identity theft. That is the conclusion of Tuck Professor of Operations Management M. Eric Johnson, who presented his report, "Data Hemorrhages in the Health Care Sector," at the Financial Cryptography and Data Security Conference in Barbados during February 2009.

Johnson's research in this area has drawn significant media attention—in mainstream newspapers such as USA Today as well as in publications that address information technology issues. A recent Scientific American story reported that Johnson, using software written specifically for scanning P2P networks, "found confidential medical files involving thousands of people, including patient billing records and insurance claims containing Social Security numbers, birth dates, medical diagnoses, and psychiatric evaluations."

His research on the perils of file sharing was also reported by Computerworld, New Hampshire Public Radio, and SC Magazine. While all noted the role unwitting hospital employees play in the breaches, SC Magazine, which is aimed at information technology security professionals, pointed out Johnson's belief that, even if health care organizations ban employee use of P2P networks, patient data will still wind up on the laptops of individual physicians or partners, "so the potential for any one of those users to participate in P2P goes up."

In the Scientific American story, Johnson says the move to digitize the medical records of every American by 2014, a measure proposed and supported by the Obama administration, will not be easy. "The transition is going to be painful," he continues. "It's not until they understand how to secure these records that we're going to be safe."

M. Eric Johnson is professor of operations management and director of the Glassmeyer/McNamee Center for Digital Strategies at Tuck.