open access: Protecting Patient Privacy and Data Security — NEJM

Protecting Patient Privacy and Data Security — NEJM

"On December 4, 2012, two Australian radio DJs called London's King Edward VII's Hospital, identified themselves, in fake British accents, as Queen Elizabeth and Prince Charles, and asked about a celebrity patient who had been admitted for pregnancy complications. A nurse, filling in at the reception desk in the early morning hours, answered the phone and, without attempting to verify the callers' identities, transferred them to the duty nurse caring for the Duchess of Cambridge. The duty nurse then provided them with confidential patient information.1 The Australian DJs broadcast the phone call, considering it a humorous prank, but as the world knows, it had disastrous consequences.
How confident are U.S. hospitals, nursing homes, and physicians' offices that their staff would appropriately deny patient information to an unknown caller?
Too often, unauthorized people succeed in extracting protected information from health care providers. Invasion of privacy also affects noncelebrities, when anyone seeks health information the patient has not chosen to share. More often, though, scam artists seek patients' billing information for financial gain. The patient's insurance identifier is then used by an uninsured person to obtain medical services or by a fraudulent health care provider to bill for medical services that were never rendered...........