The medical industry has suffered more security breaches than banks and the military combined, reports the CNN article, 90% of Hospitals and Clinics Lose Their Patients’ Data.

Just this year alone, 2.1 million patients’ medical records were stolen. That doesn’t include the major hacking into Community Health Systems’ computer network where 4.5 million of its stored social security numbers, names, addresses, and birth dates were lifted.

Community Health Systems operates 206 hospitals across the United States. Anyone who received treatment from a physician’s office tied to a network-owned hospital in the last five years has been affected.

This is not good news, that’s for sure. And it doesn’t look like it’s getting better any time soon. Hackers are becoming more sophisticated and they stand to gain a lot from hacking into your personal medical information. They make plenty of money by stealing medical records with social security numbers to commit identity fraud, open bank accounts and new credit cards, take out loans and ruin personal credit histories. Not to mention fraudulently billing health insurance companies, including Medicare, and harvesting prescription medications that can be sold for profit on the street.

Hackers are stealing patients’ medical records and private information from hospitals, universities, private clinics, health care organizations and health departments.

How does this happen?

62 percent of health care organizations are moving patients’ electronic medical records to cloud storage without proper security in place. Open WiFi is also a problem. Health care providers use WiFi networks to allow staff to share patient information more easily and these WiFi networks are not as secure as they should be, according to a Huffington Post article, Why Your Medical Records Are No Longer Safe.

The 4th Annual Benchmark study done by the Ponemon Institute reports that 90 percent of health care organizations had at least one data breach within the last two years. Billing and health insurance records are the most common type of patient data that is stolen. 

Kind of makes you think about your health insurance company and what is happening behind the scenes with your medical information, doesn’t it? How about medical billing practices from doctors’ offices, hospitals and medical clinics?

But there’s more.

The most common culprits for these data breaches are cloud storage for patient electronic medical records, patient data stored on unsecure databases, and patient registration on unsecure sites. Health organization employee negligence is considered one of the biggest security threats, according to the study, along with doctors and hospitals that do not encrypt patient data.

You’d think HIPAA laws would protect our medical information, especially with the onset of electronic medical records. HIPAA does not demand that hospitals and physicians use encryption.

Why the heck not?

According to Semel Consulting’s article, HIPAA Doesn’t Require Data Encryption, it has been suggested that data encryption be a requirement for health care organizations but the medical industry has refused, claiming that it would be an unfair financial burden.


That leaves millions of patients’ private medical information/medical records vulnerable to potential hackers. Our medical records include our social security numbers, home address, and other personal information.

I don’t know about you, but I would like my medical records and personal information to be encrypted if they are stored on the cloud. And that’s at the very least.

Tips to help avoid getting hacked

1. Avoid storing your own medical records or medical information on a cloud-based platform unless you are certain of the security. I still wouldn’t do it, not yet anyway. I keep hard copies of my medical records in files so I can withdraw a piece of information when I need it.

2. Avoid using health/medical apps that share your information. Read the fine print before you consider downloading an app to your smartphone or other digital device. 

3. Keep your list of medications, emergency and physician contact information in a place that is easily accessible. Consider placing the information on a Medical ID card and slip it into the slot next to your driver’s license in your wallet. I have a free, no obligation, Medical ID card on my website that you can print out. See here. 

4. You can also scan your pertinent records and keep them in a secure file on your digital device, with no connection to the internet. Consider creating a passcode in case you lose your device.

5. Each time a medical provider asks for your social security number, ask if it is necessary to provide it and if so, ask if the last four digits will suffice.

6. Ask your health insurer for a copy of your medical records (EOBs).

7. Review your medical bills closely.

8. Visit the U.S. Department of Health & Human Services health information privacy site to view major security breaches.

This CNN Money article, Simple Tips to Avoid Getting Hacked, offers a number of good tips to protect your privacy and online security.




The Business Insider article, Senator Warns Fitbit is a Privacy Nightmare and Could be Tracking Your Movements, reports that Senator Chuck Schumer called for federal protections to prevent companies like Fitbit from collecting, sharing and selling consumer data to health insurers, employers and others. Fitbit, like Nike+FuelBand and Jawbone, sells wearable trackers that monitor sleep, health functions and physical activity.

Senator Schumer accused Fitbit and smartphone apps of sharing users’ information and location, infringing on consumers’ privacy without their consent. A privacy nightmare is right. But in a very recent addendum to the article, Fitbit responded with a denial of selling consumers’ data to third parties. They share it though, and it says so right there in the fine print.

I know. I purchased a Fitbit Flex a week ago and when I read the fine print about my data being collected and shared without my permission, I returned it to the store. I didn’t want my personal behaviors shared with companies, data brokers, and others. There’s something unseemly and downright scary about that.

Which brings up the issue of healthcare data mining and how that could and may have already affected us all as patients. You may not know it but with the onset of electronic medical records, health/fitness apps and more, your data might be collected without your knowledge. According to Bloomberg’s article, Your Doctor Knows You’re Killing Yourself, some hospitals and health insurance companies are using detailed patient data to create profiles to identify those who are at high risk for getting sick and how much it would cost to treat them. Their intention, according to the article, is to intervene before a health crisis occurs.

Why are they doing this? Under Obamacare, hospitals have a big incentive to keep patients healthy because the law changes how they are paid in terms of penalties and incentives. With your health information, they can protect their financial bottom line by intervening if you are at risk.

Just like retailers have been doing for years, your credit card purchases might be tracked to see if you buy cigarettes, cancel your gym membership, fill your prescriptions, and more.

Does anyone see this as a direct violation of privacy?

Carolinas Healthcare System, which runs more than 900 medical care centers, has begun collecting data on more than 2 million people to identify high risk patients so that doctors can intervene before they get sick. They purchased the information from data brokers who scan public records and credit card purchases.

What this could mean for you and me are surprise phone calls, letters or other forms of communication about our behaviors that affect health. Probably more.

According to Bloomberg’s article, Hospitals Are Mining Patients’ Credit Card Data to Predict Who Will Get Sick, University of Pittsburgh Medical Center’s insurance provider purchased data on more than 2 million of its members to make predictions about which patients are more likely to get sick, go to the ER or an urgent care center.

If patients’ health and fitness data is being collected and sold, what’s next? Health insurance companies can no longer deny coverage, but might there be incentives and penalties for patients based on their behaviors that support their health or put it at risk?

What happened to patient autonomy? Isn’t that an essential tenet of patient-centered care?  

We accept certain social media data mining. You see it every time an ad pops up after you have searched or clicked on a similar item. You’re being tracked. But somehow I thought, or naively believed, that my health information was private, confidential. HIPAA privacy laws say so. Are medical facilities and health insurers taking a sledgehammer to HIPAA by collecting patients’ data?

Personally, I value my privacy. It’s one thing if I don’t read the fine print on an app or fitness tracker and my data is shared. But if my data is collected without my knowledge and I am contacted by my physician or health insurance plan in the name of proactive or preventive healthcare, I don’t think I’d like that. It would definitely make me feel cagey, fearful of being watched somehow.  

The physician-patient relationship is crucial for quality of care, patient safety and patient satisfaction. If data becomes a major driver, then how do patients maintain a level of honesty with their providers?

Granted, we don’t have much privacy anymore, but there must be some level of confidentiality and privacy or we will, in Orwellian terms, become a society where individuals are monitored at the expense of the welfare of a free society.




It’s a frightening statistic: 400,000 patients die every year due to preventable medical errors. This was the topic of testimony in the Subcommittee of the US Senate Committee on Health, Education, Labor and Pensions hearing, “More than 1000 Preventable Deaths a Day is too Many: The Need to Improve Patient Safety,” on July 17, 2014.

National patient safety experts testified before the subcommittee urging lawmakers to focus attention on patient safety and the need to track and reduce medical harm to patients.

The recent study by John James, PhD, a scientist and advocate whose son died due to medical errors, reports these alarming statistics. Dr. James asked lawmakers to establish a National Safety Board to investigate patient harm and suggested a standardized patient bill of rights.

Peter Pronovost, MD, PhD, senior vice president for patient safety and quality at Johns Hopkins Medicine and Ashish Jha, MD, MPH, a professor at the Harvard School of Public Health, called for the Centers for Disease Control and Prevention to track medical errors since they already collect data on hospital-acquired infections.

Tejal Gandhi, MD, MPH, president of the National Patient Safety Foundation, said that medication errors occur in up to 25 percent of patients. Gandhi also explained that diagnostic errors are part of the problem, contributing to the number of fatal medical errors. She called for systems to be put in place to monitor patient care.

Lisa McGiffert, director of Consumers Union Safe Patient Project, asked legislators to create more meaningful public reporting of medical errors so the general public would be more informed.

Part of the problem, experts agreed, is the need to develop measurements of patient safety efforts to produce credible data.  

Preventable patient harm is the third leading cause of death in America, trailing behind heart disease and cancer. Let’s hope this hearing is one of many major steps toward transparency and reduction of preventable medical errors. Medical professionals, medical facilities, patients and their families must work together to increase patient safety.

Patient safety is a team effort.

To view the Subcommittee Hearing see link here 


The new, award-winning documentary, Code Black, directed by emergency department physician Ryan McGarry, MD, reveals an insider’s view of the dynamic young doctors and nurses who struggle to save lives in an overburdened healthcare system at Los Angeles County-USC Hospital, one of the busiest emergency departments in the country.

The old L.A. County emergency department, “C-Booth,” considered the training ground for emergency medicine, is the initial focal point of the film. C-Booth captures the inspiring and the grisly of medicine in one of America’s first trauma bays. The film zeroes in on doctors and nurses crammed together in the trauma unit, shoulder to shoulder, treating patients with life-threatening situations. These scenes are vivid and alive, albeit gruesome.

The passion and commitment of these medical professionals to do whatever it takes to treat all patients is inspiring. Watching it revitalized my hope about healthcare by shining a light on what truly drives medical providers to enter the profession in the first place. This is the heart of trauma medicine in C-Booth before paperwork, data entry, checklists, HIPAA, and more, enters the provider-patient relationship.  

Flash forward to the site of the new hospital which was rebuilt in 2008. Gone are the cramped quarters with blood stains on the OR floor. For all the new elegance and flow that has replaced the frenetic energy of C-Booth, a distinct and prominent separateness between providers and between providers and patients has settled in. The new hospital allows for current requirements, digital documentation and protocols which C-Booth couldn’t accommodate. 

In a fascinating Q&A after the movie with Ryan McGarry, MD, and Jamie Eng, MD, McGarry explained to our audience that with the new requirements only 1/6 of their time is now spent seeing patients and the rest is relegated toward documentation and digital paperwork.

If doctors only have 10 minutes per patient in the ED and the rest of their time is spent entering information into computer databases, where does that leave the doctor and the patient? This is the vital question posed by Code Black. Even with the Affordable Care Act (Obamacare) there are still as many patients in the ED, if not more. 

The sticking point, however, is that patients need privacy, patient safety checklists, protocols and documentation for quality and continuity of care. If entering billing codes, filling out forms and further data entry widens the chasm between providers and patients, what do we do about it?

This excessive digital documentation is eroding physician satisfaction. In a Forbes interview, Malcolm Gladwell said, “It’s this side of medical practice that wears down even the best physicians.” And that can certainly translate to patient care.

Paperwork or documentation takes up a third of a doctor’s day, particularly with residents who must make clinical decisions with less face-to-face time with patients. With the onset of electronic medical records, this problem has eased only to yield another. “Residents may rely on notes written by other doctors instead of talking to the patients themselves,” Pauline Chen, MD, wrote in her New York Times article, Doctors and Patients, Lost in Paperwork.

There’s no easy solution to reduce the amount of documentation, staff shortages, financial cutbacks and more in hospitals like L.A. County-USC Hospital (and others), but in Code Black, McGarry and the medical team devise a new approach by initiating care for patients in the waiting room instead of triaging cases simply based on computer data. The doctors and nurses realize that relying on code doesn’t allow them to evaluate patients face-to-face and leaves many suffering miserably in the waiting room, often for 10-18 hours at a time.

Compassion for patients is what drives this team of medical professionals to put their heads together and come up with a strategy to overcome some of the barriers.

Code Black addresses the very pertinent issue of the provider-patient relationship and the challenges that threaten it. I hope everyone will see it. You don’t have to be involved in healthcare to enjoy it and to be moved by it. It’s a fascinating and dynamic documentary that reveals the heart of medicine and its current obstacles.




Taking charge of your healthcare means taking charge of yourself as a patient and meeting the medical provider halfway. Studies show that if patients are actively involved in care and partner with providers, they experience better health outcomes and lower costs. See Health Affairs policy brief here.

But for patients to be active participants in care they must be willing to acquire knowledge about their diagnoses and treatment plans and learn how to navigate our complex healthcare system. This requires motivation to do basic research, to keep track of symptoms and share those symptoms with providers, to understand basic medical information, to ask questions and partner with medical providers in shared decision-making, and to take ownership of medical information.

For patients with serious illnesses and conditions, this can be a part time job. I’ve been there. I had a serious, chronic pain condition for 16 months, and towards the end of it, seeking solutions to my pain took all the energy I had. 

According to the recent WSJ article, The Health-Care Industry is Pushing Patients to Help Themselves, patients are now encouraged to engage in care, to keep track of their medical data, to seek preventive care, and to manage their conditions.

The Institute of Medicine report, Partnering with Patients to Drive Shared Decisions, Better Value, and Care Improvement, highly recommends that patients participate in care and states that the onus is on clinicians to activate patients. There are incentives for providers who show “meaningful use” of technology, including engaging patients and families in decision-making and providing them with their health records and clinical summaries.

Is it realistic to expect clinicians, who are already short on time and dealing with patient overload, to take on the responsibility to educate patients on patient engagement?

With both of my books, The Take-Charge Patient and Critical Conditions, I encourage patients and families to take active roles in care, and illustrate how to prepare for medical appointments, gather copies of pertinent medical records, create symptom diaries, ask questions and do research, create medical histories, and to form partnerships with their providers to share decision-making.

But the information requires patients to take on new roles and attitudes regarding their healthcare and their providers. This can be particularly difficult for some who are from different cultures and might be unfamiliar with the notion of collaborative relationships with physicians.

What about older seniors with multiple medical conditions and cognitive decline who are simply unable to engage in care? They need advocates. We need educational courses or seminars for their advocates and other caregivers. There are many of these seminars, thank goodness, but there must be a way to standardize the information and to reach all people.

I don’t believe that medical providers can shoulder the responsibility of giving patients and their families/caregivers a college course in navigating our healthcare system and how to advocate for themselves or others. There is a movement to reach patients directly, not only educating them on patient engagement but empowering them with information. My fellow advocates and I are part of that movement. The National Patient Safety Foundation states that most U.S. patients are relatively uninformed and are still passive recipients of health care services who lack the confidence and skills necessary to engage as proactive patients. If that’s true, then we need to expand and deepen the outreach.

Patients need step-by-step directions at the ground level in their primary language, as do their advocates/caregivers. We can focus on health policy change, focus on meaningful use through providers, education and information tools through providers and advocacy organizations, which is absolutely necessary. But until patients are educated directly by an outside source, in addition to what providers offer, we’re looking at some possible long-term challenges.

There is still too much of a power imbalance between patients and physicians for information on patient engagement to be received in ways patients can adequately put to use. Patients can be intimidated by providers and some worry about creating conflict that could affect their care. How can patients integrate information provided by their physicians and nurses at a time when they are being seen for illnesses and conditions? I know I can’t. 

For example, take a sixty-five-year-old man who sees his doctor, having put off a visit because he dislikes seeing doctors, and hasn’t seen one in a couple of years. He’s had abdominal pain for a few weeks and isn’t feeling well, maybe even anxious in the doctor’s office. At the time he’s given a diagnosis and possible treatment plan, he is also being educated on how he can be an active participant in his healthcare, including how to access his medical records, how to partner with his physician, and more. All this person probably wants at that moment is to feel better. But he’s being coached on patient engagement at the same time he’s being evaluated.

Patients should be educated about their role in care at a time when they are not seeing providers for diagnoses and treatment plans. This information should be presented in required courses in high schools and colleges, through government sponsored seminars in a variety of modes so everyone has access to the information. Not everyone is internet savvy. The information should be taught via live seminars to those who need it most, including people in low-income and rural populations and those who have recently gained access to healthcare.

At the very least, why can’t hospitals and healthcare organizations send out ambassadors of health, for lack of a better term, to local community groups, to offer free seminars to the patient population? This would not only provide education in a comfortable environment for patients and families, but could potentially expand their customer base.

I feel this is an urgent, unmet need the system must address. Everyone, on all sides of the table, is doing their best to change how healthcare is delivered and received. If standardized patient education were available to the masses, the goal of increased empowerment and engagement would be in reach.