Health Records Havoc

I attended an H1N1 Vaccination clinic in  a local temporary clinic during early December. I went there with the express purpose of protecting myself against a known danger. Two weeks later I receive a letter from that same Regional Health office to advise me that they “might” have put my personal information at risk because of their inability to protect my data.

Systemic stupidity

Let’s get this right. This clinic was run by employees of the Durham Region Health Department. Their job is important and they are in the business of handling private and personal information for their clients. At this clinic they had many laptops which seemed to be networked together and they collected private information in order to identify the visiting patients. It seems they allowed an employee to copy this data on to a USB stick, walk out of the clinic and (a camera caught this) set the USB down on a rock in front of the clinic! From there nobody knows where it went to. Read more here.

The Privacy Commissioner has derided the Regional Health Department for not using strong encryption for mobile devices. What? Is my data that resides on their internal and non-mobile devices not encrypted? Every health record must be encrypted so as not to be compromised at all. This debacle has surely cost the Durham Region significantly more that actually using encryption capabilities—go figure.

Self Protection

Let this incident be a lesson to all of you folks who use portable devices for carrying around your corporate or private data. If you have a portable device (read laptop, smart phone, USB stick, portable drive etc.) you need to encrypt it. Encryption is easy and cheap. We use an very good open source encryption called TrueCrypt. If you are looking for something that will protect your sensitive data in mobile situations this is at least a start.

Send this article to:
  • Digg
  • Facebook
  • Tumblr
  • Google
  • StumbleUpon
  • Technorati
  • E-mail this story to a friend!
  • Print this article!

Leave a comment