If your protected health information is kept in an online database, your identity could be compromised along with your privacy.
That's the message experts are sending after Harvard University officials discovered that a loophole in the university's student survey tool allowed Internet users to grab students' birth dates and ID numbers. Users could then use that information to grab students' prescription drug records from a Web site run by Rhode Island's PharmaCare, the Boston Globe reported.
The problem was first identified Jan. 20 by Harvard's student paper. The university has since shut down access to the polling software and fixed the loophole. PharmaCare claims no student information was inappropriately viewed, Harvard CIO Dan Moriarty told the Globe.
The Bottom Line: Now's the time to check your Web sites and online databases for security glitches - before PHI hits the road.
PULL YOUR PHI FROM MARKETERS' LISTS
All providers work tirelessly to keep their patients' health information from becoming telemarketing goldmines, right? Wrong.
David Sossaman sent a letter to Drs. Larry Konzen and Alan Larson and the political action committee Citizens for Better Healthcare - Yes on BB on Jan. 4 asking for $25,000 in damages after they allegedly sold his PHI to telemarketers, the County Times reported.
Sossaman worried that his information was used inappropriately after he received several phone calls and letters from pro-Proposition BB supporters. The supporters' interest was quickly followed by increasing calls from telemarketers.
North County Internists - the medical group where Konzen is a member - provided the patient lists used to mail the political letters, though the group claims its use of PHI was covered by the privacy rule.
The Office for Civil Rights is investigating Sossaman's claim.
The Bottom Line: Using patient information for anything other than TPO reasons can be risky.