As the recent WikiLeaks disclosures continue to make headlines across the globe, I cannot help but reflect upon what this means for healthcare privacy.
Why are these classified documents so “sensitive” in nature that the White House believes their dissemination will risk the cause of human rights? There are at least two obvious reasons: First, the disclosures are embarrassing from a public relations standpoint, because they chronicle communications which were meant to remain confidential indefinitely. Second, some of the disclosures are substantively sensitive from a national defense perspective.
The White House is pulling no punches when it comes to how it feels about the organization, and made the following statement earlier this week regarding the disclosure of the diplomatic cables:
“By releasing stolen and classified documents, WikiLeaks has put at risk not only the cause of human rights, but also the lives and work of the individuals. We condemn in strongest terms, the unauthorized disclosure of classified documents and sensitive national security information.”
In light of the WikiLeaks disclosures, Dr. Westby G. Fisher, Clinical Associate Professor of Medicine at University of Chicago, summed up his concerns about healthcare privacy earlier this week: “While a single individual’s private healthcare information may not carry the gravitas of wartime communiqués, each of us deals with famous patients who might not want their diagnosis, HIV status, or drinking history spread far and wide.” Dr. Fisher makes a valid point, but I am not so quick to panic. While I think the privacy concerns extend beyond “famous patients,” I have faith that the HITECH Act will promote safeguards to effectively protect healthcare data. You can read my recent article on Electronic Health Records and the HITECH Act here. As I will explain later in this article, the Pentagon’s data-sharing network was grossly flawed and too easily accessible. It is my hope that the “takeaway” from this entire WikiLeaks issue will be a lesson learned by our nation’s IT professionals. In other words, this “fiasco” will hopefully lead to an increased focus on healthcare information technology and security in the future.
With roughly 250,000 documents released by WikiLeaks and with the aid of some popular media outlets, the ramifications of the diplomatic cables will be far-reaching. My initial thoughts were mixed: perhaps this latest WikiLeaks embarrassment will sound the alarm bells for governments and private industries to protect sensitive information more closely; perhaps it will lead to the development of more sophisticated information technology tools and training methodologies. On the other hand, it is impossible to ignore the obvious – that the United States government failed to prevent a massive theft of classified data. As a result, the logical question raised is “how can we expect, in the future, government agencies (federal, state, or local), or even private industries, to keep sensitive data confidential?”
In my recent article on the importance of Electronic and Personal Health records, I discussed why the electronic storage of medical information is beneficial to patients, and how the use of smart health information technology can save money and lives. There is no denying that we are living in the “information age,” and to resist this transition would be counterintuitive and counterproductive. But we also are living in the post-9/11 era. Thus, we must strike a balance between our privacy rights and expectations, and our safety.
Many Americans are wondering how hundreds of thousands of classified documents could be released in such a fashion. The answer seems to be that the security measures in place were rooted in good faith, albeit somewhat reckless in hindsight. Following 9/11, the government sought to implement a more free-flowing data network so that federal agencies could exchange information more quickly. Analysts quoted by VOA News say, “the WikiLeaks disclosures can be traced in part to changes instituted in the aftermath of September 11, 2001 … The 9/11 Commission sharply criticized intelligence agencies for failing to share critical information with each other that, when combined, might have revealed and perhaps thwarted the plot.” As a result, the Pentagon created a network called the Secret Internet Protocol Router Network (SIPRNet). Although the network limited information to persons with a security clearance from either the State or Defense agencies, the threshold was too low. According to officials, a 23-year-old Army Private First Class (PFC) downloaded the documents and later transferred them to WikiLeaks. The rank of PFC is the third lowest in the Army; thus, the “WikiLeaks fiasco” may be an example of the balance between privacy and safety having been too far skewed towards notions of the latter.
Below is a chart that represents the sources of the leaked cables. As you can see, they all came from U.S. agencies and Embassies.
With almost every media outlet reporting on the recent WikiLeaks disclosures, it is my hope that, after all is said and done, America will emerge with a new-found appreciation for data security. In light of the WikiLeaks disclosures, it is vital that our federal and state governments institute laws, security measures, and protocols that will ensure that private medical records are kept out of the hands of thieves, extortionists, organized criminal enterprises, and non-government political groups. Most of us would have probably thought that a 23-year-old private first class officer would not have access to the documents released this week. Perhaps it is time to start asking questions, the goal being to learn from this unfortunate situation and hence pay more attention to safeguarding our data in this “post-9/11, information age.”