First Do No Harm: A Medical Professional's Obligation to Protect Patient Data

Healthcare organizations need to take proper measures to protect their patients’ privacy and comply with HIPAA’s regulations.

1 October 2013


When a patient sees a doctor, the patient is entrusting the doctor with his or her most sensitive information - like medical data, health insurance IDs and Social Security numbers. The doctor who is left with this information has promised to “first do no harm,” meaning that his or her first consideration is the patient’s well-being - which includes protecting the patient’s privacy. Unfortunately, sometimes ensuring the confidentiality of patients’ data is outside of the doctor’s control, as in the case of the Advocate Medical Group of Chicago’s recent data breach.

Advocate’s data breach is only one of numerous recent global medical breaches. According to a 2012 report from the U.S. Department of Health's Office of Civil Rights, in just three years, nearly 21 million patients became victims of medical record data breaches. Recently, medical testing laboratory LabMD was accused of exposing personal information of more than 9,000 customers on a peer-to-peer file sharing network. The authorities found that identity thieves had access to documents containing names, Social Security numbers, and bank account information for at least 500 people - a result of the organization failing to take proper security precautions in handling sensitive data.

It is scary to think about personal information being exposed. And it’s even scarier to know that thieves and hackers can retrieve medical data to do harm to patients - for example, by creating fake provider IDs and committing insurance fraud.

Ultimately, healthcare organizations need to take proper measures to protect their patients’ privacy and comply with HIPAA’s regulations. In one of my previous blogs, “The Impact of HIPAA and HiTech on Information Storage and Sharing in the Healthcare Industry,” I discussed the ways in which a secure collaboration platform can help healthcare professionals protect their patients’ privacy. By adopting this type of service, professionals can reduce the risk of attacks and protect sensitive data.

Britany DiCicco

Britany DiCicco supports the enterprise product marketing team at Intralinks focusing on market analysis, positioning, messaging and go-to-market initiatives. Britany’s previous experience at Intralinks included analyst relations, competitive intelligence, and marketing. She graduated from Northeastern University with a degree in Economics.