Who’s Protecting My Privacy?

Kelly Stephens, Editor, 24×7

Am I the only one who feels a little uneasy when watching those OnStar global positioning system (GPS) commercials featuring phone calls with real customers? In one, there’s simply a black screen with subtitling. You hear a man on the phone telling a female OnStar representative that he has locked his keys and his dog inside his car.

Within seconds, the OnStar rep calmly tells him that his car is now unlocked. Just like that. He proceeds to thank her profusely and sounds pleased that OnStar saved the day and freed his dog.

Don’t get me wrong: I’m happy for the man and his dog. But my mind immediately races with questions. Who is this woman, and where is she? New York? India? Down the street in an unmarked van?

Can she unlock my car whenever she likes? What other information does she have about me, and how is it being shared? What precautions are being taken to ensure my privacy?

I suppose the same sorts of questions can be asked of supermarkets and health care facilities. My doctors—and the computers and medical equipment they use—know all my history. How is that information being protected?

To find out about OnStar’s privacy safeguards, I visited the company’s Web site. There, I was assured that the company “implements and maintains technical, physical, and administrative safeguards to help protect the security and confidentiality of customer information in OnStar’s possession from theft, loss, misuse, improper distribution, or alteration.”

As for the security of my medical information, part of that responsibility may fall to biomeds. The final security rule of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) goes into effect this April. The rule seeks to ensure the confidentiality, integrity, and availability of electronic protected health information (ePHI), such as name, birth date, and account number.

24×7 editorial advisory board member Matthew Baretich, PE, PhD, says hospital biomedical and clinical engineering departments may play an active role in determining which equipment creates, receives, maintains, or submits ePHI. Also, evaluating equipment for HIPAA compliance will most likely become part of the equipment acquisition process, he says. For help in that area, the Healthcare Information and Management Systems Society (HIMSS) and several other industry organizations have developed a form that allows manufacturers to provide model-specific information on a device’s capability to transmit or maintain ePHI.

As editor of 24×7, I will do all I can to keep you up to date on the latest HIPAA happenings. Look for last-minute compliance advice from industry experts in upcoming issues. With your help, I’ll be able to rest easy knowing that my medical information, at least, is safe out in cyberspace.

