Study: File-Sharing Tools Could Put Personal Health Data at Risk

Physicians who use file-sharing software on their computers could inadvertently put their patients' health and financial information at risk, according to a recent study published in the Journal of the American Medical Informatics Association, the Montreal Gazette reports.

Researchers say the study is the first to examine the way personal health information is disclosed through file-sharing applications.

For the study, researchers from the Children's Hospital of Eastern Ontario in Ottawa used popular file-sharing software, such as LimeWire, BitTorrent and Kazaa, to analyze the IP addresses of millions of computers in the U.S. and Canada.

The year-long study analyzed 23 million to 24 million files. It found that personal health and financial information could be accessed through a simple search in 2% of Canadian files and 5% of U.S. files (Stone, Montreal Gazette, 3/2).

Some of the information that researchers found included:

  • A medical authorization form that contained patient insurance information and other data;
  • Another medical authorization form that included a patient's Social Security number, medical history and current medications; and 
  • Numerous files that contained personal banking information such as credit card numbers, passwords and PINs.

Recommendations

Researchers advised both physicians and consumers to exercise caution when using file-sharing tools.

They also urged physicians to take extra steps to ensure that personal health information remains protected (Merrill, Healthcare IT News, 3/5).

Jeff Brandt
Many Health IT personnel have no idea about security, even at the very rudimentary levels. This is the same in many offices across the USA. It is managements responsibility to make sure customers data is protected. Jeff Brandt www.comsi.com
Tony Ponder
My initial question is "why is sensative data being sent unencrypted across mediums that allow public access? Why is it not a requirment to have this information transferred in a secure environment? Why haven't we learned from the mistakes made by the banking industry and credit card companies and implemented stricter policies and procedures in transmitting patient information? Tony Ponder Student, MSHI University of Alabama at Birmingham

to share your thoughts on this article.