Electronic health records have been way oversold. Expecting every little medical office to have industrial-grade data protection makes them far more of a liability than they are worth.<p>At best mostly subjective observations, at worst full of outright errors, they're largely useless from a health care perspective let alone for research purposes.
There's some kind of database called MIB that sells all your medical information like a credit report. I haven't figured out how to opt out of it or where exactly they get the data so I can opt out of it before they even send it. It's some kind of horrific atrocity. Please somebody expose this to everyone: <a href="https://www.mib.com/request_your_record.html" rel="nofollow">https://www.mib.com/request_your_record.html</a>
I wonder how many of these are encrypted systems. I see a lot of "theft" and "loss" on that list. I know if I were to lose a system that had PHI on it I would be required to report the breach even if the system had full disk encryption. I'd bet many or most of these are similar.
> As required by section 13402(e)(4) of the HITECH Act, the Secretary must post a list of breaches of unsecured protected health information affecting 500 or more individuals.<p>Well, I'm glad this random webpage is broadcasted into the internet and therefore everyone is properly informed about these breaches.<p>This is the same as Google providing that page somewhere deep in the account settings where you can view what data they have on you. It's beneficial for them to provide this, because 99.99% of users will never find it anyways. And those that are concerned can be calmed down by it.
I care less about health info privacy than identity. When I was a kid, hospital admissions were published in the daily paper. Nobody thought much of it.<p>The number of people interested in your health is tiny. The number of people interested in your money, and motivated to try to take it from you, is much higher.