Security breach: Hacker gets medical records

A computer break-in at the University of Washington puts the spotlight on the privacy of medical records. But many say paper records are even less secure.

By Tyler Chin, AMNews staff. Jan. 29, 2001.

The University of Washington Medical Center, after some prodding, acknowledged that a hacker had infiltrated its computer system last year, stealing confidential records of thousands of patients.

While not minimizing the seriousness of the security breach, some physicians said their peers should not let the incident -- or the risk of hackers in general -- deter them from using electronic medical records. They say the benefits of using electronic systems to improve care and practice efficiency outweigh the security risks.

"In no way do I want to minimize what happened," said Richard W. Whitten, MD, an internist in Bellevue, Wash. Dr. Whitten works for the University of Washington Physician Network, a multispecialty group affiliated with the University of Washington Medical Center.

"It's extremely serious, but on the other hand we must look at how to take care of people better, and the electronic medical record is the way to go," he said.

Forgotten in the glare of publicity following last month's disclosure of the computer break-in at the medical center is that the state of security surrounding paper-based records leaves those records just as vulnerable as, if not more so than, electronic records, say physicians and privacy experts.

"We shouldn't fool ourselves about how secure medical records are," said Samuel W. Cullison, MD, a family physician and director of Providence Family Medicine, a Seattle-based family practice program affiliated with the University of Washington Medical Center. "Only an extremely naïve person believes that paper records are secure." [...]