Health leader: Information ‘more secure’ under network

Laura McCrary said some people are wary of having their records available on a network because they worry the information might be shared or used inappropriately.

But patient privacy would be better protected with the new system, said McCrary, chief executive of Kansas Health Information Network, or KHIN, which is part of the technical backbone of the new statewide health information network.

“This is a much more secure way for records to be shared between providers than what we currently have with faxing. Faxes never arrive, faxes are picked up by the wrong person, faxes are collated incorrectly, parts of faxes are missing — those are part of the reason that medical care is not as safe as it could be,” she said.

Dr. Joe Davison, the KHIE board chair and a doctor who practices with West Wichita Family Practice.

Health information networks are not immune to breaches, said Dr. Joe Davison, the Kansas Health Information Exchange board chairman and a doctor with West Wichita Family Practice.

“As you can imagine, when records are on paper and there are breaches or lost records, they tend to be small losses. Unfortunately, what health information technology will allow is huge amounts of data loss,” Davison said.

“In this country we have a pretty good record for keeping other big data systems safe, such as our financial data. But even with that we have seen some breaches. So this is one of those cost-benefit analyses that everyone needs to make,” Davison said. “If you add up all the factors, I think you’ll find that the benefits far outweigh the negatives.”

Since 2009, federal law has required that all breaches of health records affecting 500 or more patients be reported for posting on a website maintained by the U.S. Department of Health and Human Services.

Of the 435 breaches listed on, 40 involved hacking or other unauthorized access of a network server. The largest one exposed the information of 780,000 patients of the Utah Department of Health sometime between March 10 and April 2.

The rest of the breaches since 2009 affected patient information not on a network.

Theft, improper disposal and other unauthorized access have led to 109 breaches of paper-based health information. The largest one occurred Jan. 1, 2011, and affected 175,350 patients of Accendo in Arizona.

The remaining 286 breaches involved some other storage media, such as desktop computers, laptops, external hard drives or other portable storage devices. The largest one of those occurred Sept. 13, 2011, when TRICARE Management Activity in Virginia lost backup tapes that included information on 4.9 million patients.

Three breaches have happened in Kansas, all involving stolen laptops. On Jan. 11, the Kansas Department on Aging had information on about 7,757 patients exposed via a stolen laptop. The other breaches were in 2010 and affected 1,105 patients of Occupational Health Partners in Salina and 1,200 patients of Dr. Matthew Conrad, a Wichita plastic surgeon.