Abstract

On September 3, 1971 the office of the psychiatrist for Dr. Daniel Ellsberg was entered for the purpose of stealing Dr. Ellsberg's medical records and perhaps discrediting him. The intent was to find material that could compromise the credibility of Dr. Ellsberg. Ellsberg had leaked the Pentagon Papers in 1971, and the burglars were the “plumbers” of Watergate fame directed covertly by the Nixon White House. This may have been the most famous case of medical record theft to that time. The purpose was clearly to steal private medical data. The theft was not only a violation of the law by breaking and entering but also violated the first of the four pillars of medical ethics: autonomy and thus privacy. For those too young to remember, the information stolen was not helpful to the scurrilous cause, and Ellsberg was acquitted of the theft of the papers on a technicality by U.S. District Court for the Central District of Columbia Judge William Matthew Byrne on May 11, 1973. The episode evoked considerable concern in the medical community about medical privacy and was central to the subsequent downfall of President Richard Nixon.
The purpose of this piece is not to discuss the Ellsberg matter, although it is very interesting. The purpose here is to consider the current outcry about medical identity and data theft. We are apparently in a very difficult situation with regard to our responsibilities for privacy in a much more serious way than at the time of the burglary of those psychiatry records in 1971. The simple file cabinet in which the medical records of Dr. Ellsberg were stored is in the Smithsonian Museum of American History. The cabinet had been pried and hacked open by various instruments. Thus hacking? The vulnerable entity today is the electronic health record.
The electronic record was of course preceded and facilitated by electronic information and computing advances. Business was quick to use these tools to control inventory, manage financial transactions, and create the automated teller machine. By 1980, the electronic tools were thoroughly ingrained in our business world. Hospitals as businesses used the tools to manage inventory and, above all, for charge capture to assure proper and full billing for the care they delivered. The clinical use of electronic resources in the hospital came in the 1970s with pioneering efforts such as the Computerized Physician Order System at El Camino Hospital in Mountain View, CA and clinical vocabulary efforts at the Massachusetts General Hospital in Boston. The management of information through computing took an explosive leap with the communication possibilities of the Internet in 1993. Now it is difficult to imagine medical care, banking, or buying gas without the use of advanced computing, personal information sharing, and the Internet.
Of course this is all good. We still revere our autonomy pillar of medical ethics and do not want any progress to violate that sacred principle. However, this past winter the world was stunned when Anthem announced that the records of 80 million health insurance customers had been hacked. Now no bona fide medical information was stolen. After all, why would a hacker in another part of the world care to know about the details of hemorrhoids or hypertension? What they wanted, of course, was personal information that could be used for identity theft for the felonious purpose of stealing money. Still, in the climate of great concern for personal privacy this was a shocker.
The Health Insurance Portability and Accountability Act of 1996 did not especially do much for portability or accountability, but the provisions for privacy greatly altered medical practice, and we could all agree for the better. Healthcare in the United States carefully guards the records of patients and carefully stores the matters pending with encryption in electronic databases. The Health Information Technology for Economic and Clinical Health (HITECH) Act of 2009 made electronic records a reality for all, and the Affordable Care Act of 2010 set the trajectory for records to be accessible anywhere through the Internet to have meaningful use in the care of mobile patients. Privacy was demanded at all steps.
So how could they be hacked at Anthem? It seems any electronic database is susceptible to the creativity of the criminal mind. Why steal medical information? The data can be used to falsely use the health benefits of another or, more commonly, the usual dirty business of creating credit avenues unknown to the real owner. The thief really did not care about your herpes or bipolar disorder. There may be no truly effective way to protect our identity. What is there in a medical record that is of use to the criminal? There are three items that are most useful for identity theft: name, Social Security number, and birthday. Guess what all medical records supply? Indeed, patients are asked to identify themselves at the desk of a practitioner's office by giving their name and date of birth. This of course avoids a lot of dangerous error. However, we are also brandishing about critical elements in identity theft in a crowded waiting room or in a semiprivate room at the hospital before receiving our next dose of antibiotic. The data are on the patient's identification bracelet. We may as well put up billboards with the critical information that is needed to ruin our credit and good name.
Let us invite the good and sincere minds in medical records to do something here. First, let us move rapidly to biometric identification of patients and their records. Could we not use radiofrequency identification in the hospital instead of a bracelet that says “Hi! My name is Stupid. Please steal my identity!” Second, let us stop the use of Social Security number and birthday as unique identifiers in insurance and healthcare. There was a time not too long ago when patients had a unique medical record number. You cannot open a credit card account at Macy's with someone else's unique medical record number. Why birthday? Let us end the wholesale insistence that patients provide their date of birth in order to proceed with medical care. Come up with something else!! Maybe a code word, name of your cat, teacher you most disliked, mother's hat size, etc., would do. Just find some way to avoid blurting out to the world that you have the same birthday as Benjamin Franklin but 1970 instead of 1706. Third, let us strongly consider separating medical information from financial identifiers. This is feasible. A unique identifier of no interest to the thief could access the real data and leave your address, credit score, phone number, and Social Security number in a separate spot and protect that information with a passion. Financial identity theft will be solved someday. In the meantime perhaps medical care could avoid being a coconspirator in this mess.
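A minimal sketch of the third proposal, combined with the code-word check from the second, added here as an illustration and not part of the original article. The two in-memory stores, the function names and the sample patient are all assumptions; in practice the identity vault would sit on a separately secured system.

```python
import hashlib
import hmac
import json
import secrets

identity_vault = {}   # record number -> name, SSN, date of birth (guarded separately)
clinical_store = {}   # record number -> code-word verifier and clinical notes only

def _verifier(code_word, salt):
    # Slow salted hash so the stored verifier does not reveal the code word.
    word = code_word.strip().lower().encode()
    return hashlib.pbkdf2_hmac("sha256", word, salt, 200_000)

def enroll(name, ssn, dob, code_word):
    """Register a patient; return a random record number with no meaning outside care."""
    mrn = secrets.token_hex(8)
    salt = secrets.token_bytes(16)
    identity_vault[mrn] = {"name": name, "ssn": ssn, "dob": dob}
    clinical_store[mrn] = {"salt": salt.hex(),
                           "verifier": _verifier(code_word, salt).hex(),
                           "notes": []}
    return mrn

def check_in(mrn, code_word):
    """Front-desk check: record number plus code word, no birthday spoken aloud."""
    rec = clinical_store.get(mrn)
    if rec is None:
        return False
    expected = bytes.fromhex(rec["verifier"])
    candidate = _verifier(code_word, bytes.fromhex(rec["salt"]))
    return hmac.compare_digest(expected, candidate)

def add_note(mrn, text):
    clinical_store[mrn]["notes"].append(text)

def exposed_fields(mrn):
    """Identity fields an intruder would find in a dump of the clinical store alone."""
    dump = json.dumps(clinical_store)
    return [k for k, v in identity_vault[mrn].items() if v in dump]

if __name__ == "__main__":
    # Constructed sample patient; every value is made up.
    mrn = enroll("Jane Example", "000-00-0000", "1970-01-17", "Whiskers")
    add_note(mrn, "BP 128/82, recheck in 6 weeks")
    print(check_in(mrn, "whiskers"), check_in(mrn, "1970-01-17"))
    print(exposed_fields(mrn))
```

The separation holds only while free-text notes stay free of names and numbers; `exposed_fields` checks exactly that for the record it is given.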
