As I noted in previous installments of this series, our government seems to have an increasingly hard time keeping tabs on sensitive data. Unfortunately, there's been another incident on this front. The Washington Post reported this morning that:
"A government laptop computer containing sensitive medical information on 2,500 patients enrolled in a National Institutes of Health study was stolen in February, potentially exposing seven years' worth of clinical trial data, including names, medical diagnoses and details of the patients' heart scans. The information was not encrypted, in violation of the government's data-security policy. NIH officials made no public comment about the theft and did not send letters notifying the affected patients of the breach until last Thursday -- almost a month later. They said they hesitated because of concerns that they would provoke undue alarm."
Undue alarm? Geez, I can't imagine why! My friend Leslie Harris of CDT notes in story that, "The shocking part here is we now have personally identifiable information -- name and age -- linked to clinical data. If somebody does not want to share the fact that they're in a clinical trial or the fact they've got a heart disease, this is very, very serious. The risk of identity theft and of revealing highly personal information about your health are closely linked here."
But hey, we wouldn't want to provoke "undue alarm" by telling those folks about the data breach! Pathetic. As I've pointed out before, if this happened in the private sector, trial lawyers would be salivating and lawsuits would be flying. By contrast, when the government loses personal information—information that his usually more sensitive than that which private actors collect—about the most that ever comes out of it is another GAO report calling for “more accountability.â€
I can't wait to see how well all our health care records are "secured" once we have socialized medicine in this country.