Data Hemorrhages: Digital Medical Records Run Wild

Electronic medical records are in the news, with President Obama calling for the medical records of every American to be digitized by 2014, and the stimulus package providing $19 billion to make it happen.

The plan's many critics are concerned about data security, but recent research by Tuck professor M. Eric Johnson shows that patient data is already hemorrhaging from the health-care system. His antidote, however, may surprise you: "Moving hospitals and health-care organizations towards larger, enterprise-based software systems—which is exactly what the Obama administration is pushing for—will in fact improve this problem," says Johnson.

Johnson's new research shows that the danger comes less from digital medical records than from the ad hoc programs on which many of them are stored, including Excel files and Microsoft Word documents. From those highly insecure formats medical data can go almost anywhere. "When these data get into things like spreadsheets, the inadvertent disclosure comes from all over the place—lost laptops, portable zip-drives, and even email," Johnson says.

Johnson and his colleagues examined data hemorrhages from one such source: Internet-based file-sharing networks. Users who connect to these so-called peer-to-peer (P2P) networks, many of whom do so at work, permit others to search for and copy files stored on their computers. While the overwhelming majority of P2P users are hunting for, say, the latest Jonas Brothers hit, fraudsters can as easily search for medical identities to exploit.


Johnson and his colleagues searched the four most popular P2P networks for keywords associated with Fortune magazine's 10 largest publicly traded health-care companies, which together account for nearly $70 billion in health-care spending. An initial sample collected over two weeks yielded 3,328 files, 389 of which were relevant to health-care or the target firms. About five percent of those contained sensitive information.

Johnson then focused on those P2P users whose computers contained the most sensitive files. That search uncovered sensitive information on tens of thousands of individuals, including medical and psychiatric diagnoses. One such document, a government employment application stuffed full of personal details, ironically included a three-page Privacy Act warning. Another contained the names, Social Security numbers, and health insurance providers of more than 20,000 people. Highly personal information of this type is fodder for any number of nefarious purposes, from conventional financial identity theft and medical billing schemes to the fraudulent acquisition of medical services and prescription drugs.

As financial institutions have become more secure, and also much better at detecting fraud, health-care is now emerging as the next big target for data theft, Johnson says. The fragmented network of providers and supporting companies makes the health-care sector especially vulnerable to identity theft and related fraud. These crimes can do tremendous damage to an individual's reputation and health, and the monetary costs are staggering.

"With the electronic availability of this kind of data, it's much easier to perpetrate a large crime and to do it more quickly," Johnson says. Take, for example, the clinic desk supervisor whose role in a $7.1-million fraud was to telephone an accomplice with personal information about the people she admitted, one patient at a time. "That's just kind of a slow drip," Johnson says. "But if she can get 20,000 patients on a spreadsheet and email that to somebody, wow."

This article appears in the May 2009 issue of Tuck Forum.