MassDevice

The Medical Device Business Journal — Medical Device News & Articles | MassDevice

Exploiting privacy breaches: The info-security cold war

November 14, 2011 By MassDevice Contributors Network

By John D. Halamka, MD

I’ve described information security as a Cold War, requiring constant investment and vigilance to innovate faster than the hackers and criminals who are stealing data to commit identity theft.

I’m spending an increasing percentage of my resources on regulatory compliance and data protection.

Over the past year, Federal and State governments have:

1. Specified standards to protect health care data during transport
2. Required encryption of data at rest
3. Required breach notification to patients and prominent media
4. Created policy to define meaningful consent and other important patient privacy rights
5. Launched a new initiative on data segmentation in an effort to support more granular health care privacy preferences

CIOs and Chief Information Security Officers are working as hard as they can, hackers are intensifying their attacks, and the world is accelerating its adoption of mobile technologies that make perfect control of data more challenging. Despite all our efforts, breaches will occur. Even the most sophisticated security companies have been breached by increasingly sophisticated malware.

There’s a dark side to all of this that is the subject of today’s blog post – using the new privacy breach reporting laws for personal gain.

There are many good attorneys. My parents are attorneys (patent and business law). Some of my favorite colleagues are attorneys working hard in the public interest (Deven McGraw at CDT, Jodi Daniel at ONC).

As with any profession, there are those attorneys who use the law for personal gain. Here’s a list of privacy breach class action suits, comparing payments to attorneys versus their clients.

There are many good investors. Accelerating new technology by providing funding to those who can build high value businesses is a good thing. As with any profession, there are investors who put profits ahead of societal benefits.

I’ve heard discussion about an alarming new business model: investors paying attorneys to file class action suits related to privacy breaches in return for a portion of the profits.

Privacy breach reporting is now public. Identifying a class is easy.

However, if the risk of harm from the privacy breach is low, attorneys may not want to bear the expense and burden of filing a suit, given that recoveries might be minimal. If investors underwrite the risk, realizing that most health care organizations will want to settle rather than spend time and resources on litigation, we’ll likely see a lawsuit following every reported privacy breach.

To me, there are different kinds of privacy breaches – those which are caused by true carelessness and those which occur because of sophisticated attacks that the Pentagon could not even repel. We should hold organizations accountable for implementing best security practices to protect privacy. We should report breaches to patients and prominent media, since breach reporting regulations provide a great incentive to invest in appropriate security. However, we should do this in an effort to enhance the society we live in, not generate profits.

As we all work together on electronic health records and health care information exchange, let’s try to create regulations that do the right thing:

1. Protect the data
2. Respect patient privacy preferences
3. Recognize the difference between hard-to-prevent breaches and those that occur because basic protections were not in place

Investing in class action suits that asymmetrically benefit the finance and legal professions is not something that benefits society. 

As the eternal optimist, I’m convinced we can all work together for the common good and make every day better than the last. If you hear about someone using privacy breach reporting for their own personal gain, shout out that it’s the wrong thing to do.

In addition to his CIO role at BIDMC, Dr. Halamka blogs at GeekDoctor.blogspot.com.
