Originally Posted by kerryann
My OB/GYN has an all electronic office. I had a long talk with him about his data security practices since I am an Information Security Manager, and what he didn't say was he was sending my records to either the insurance company or the government. He sends the billing company a medical description code of the service he performed for billing. He is going to email me tomorrow so I will ask him if he's sharing my info with Uncle Sam.
Most offices have the patient files in unlocked cabinets. The records are no more secure than a rock and a window.
Most doctors as you describe have patients numbering in the hundreds, or perhaps thousands at best. Any facility with substantially more patients has a filing system and/or building access level that is generally more substantial than requiring a rock to overcome.
If I recall correctly, one of the last federal breaches involving a contractor, his stolen laptop and data he should not have had in his possession in the first place numbered in the tens of thousands - and potentially is easily foreseeable to be in the millions.
I've seen how a regional Government manages information, and builds systems - and one of the better ones at that. Let's not forget who we're talking about here. Let's also not forget that when the private sector creates the problem, they are held liable. The Government at every level is virtually never held accountable, let alone liable.