All your mentally ill children are belong to us

[Secret Squirrel]

hakkin at sarin.com (Khoder bin Hakkin) writes:

> I think people have not quite gotten their hands around the speed
> at which information can be disseminated online. -Monica Lewinsky,
> LATimes 9 may 01
>
>
> http://www.latimes.com/news/nationworld/nation/la-110701private.story
>
> November 7, 2001
>
> Web Mishap: Kids' Psychological Files Posted By CHARLES PILLER, Times
> Staff Writer
>
> Detailed psychological records containing th innermost secrets of at
> e least 62 children and teenagers wer e accidentally posted on the
> University of Montana Web site last week in one of the most glaring
> violations of privacy over the Internet.
>
> The 400 pages of documents describe patient visits and offer diagnoses
> by therapists of mental retardation, depression, schizophrenia and
> other serious conditions.
>
> In nearly all cases, they contain complete names, dates of birth and
> sometimes home addresses and schools attended, along with results of
> psychological testing.
>
> Unlike a medical file left open on a counter in a doctor's office,
> these electronic medical records, once placed on the Internet,
> were exposed to a potentially vast audience. "You're talking about
> sensitive information that could scar a child for life being available
> to anyone for any purpose," said Evan Hendricks, editor of Privacy
> Times newsletter.
>
> The mother of an 11-year-old, whose records of an attention
> deficit/hyperactivity disorder were posted on the university's Web
> site, was appalled. "He's just a kid, and he shouldn't have his whole
> life splattered around for the whole world to know. It makes me sick,"
> she said.
>
> The mother declined to be identified. She recalled attending her son's
> therapy sessions and watched the therapist "taking notes in her book,
> and [I] thought maybe that was the extent of it. I guess I was kind of
> naive about that."
>
> The medical files were placed on the University of Montana Web site
> Oct. 29 and were available for eight days. The files were removed
> Monday after a local paper, the Missoulian, reported the story,
> university officials said. The records were for patients at clinics
> mainly in Minnesota, as well as in Montana and other states.
>
> A University of Montana student or technical employee may have
> accidentally placed these private files on the Web site, officials
> said.
>
> It is unclear how many people viewed these records.
>
> The Montana case is the latest in a series of unauthorized disclosures
> of medical data over the Internet. Earlier this year, Eli Lilly & Co.,
> maker of the antidepressant Prozac, inadvertently divulged the names
> and e-mail addresses of 600 psychiatric patients in a mass e-mail.
>
> Similarly, Kaiser Permanente last year sent e-mails with confidential
> medical information to the wrong Kaiser members.
>
> "That's the danger with having all of these electronic records," said
> Daniel B. Borenstein, a former president of the American Psychiatric
> Assn. and a UCLA professor.
>
> "If you push the wrong button or put something in the wrong spot on
> your Web site, it [can mean] immediate distribution of a massive
> amount of private medical information," Borenstein said.
>
> Last year, a Nevada woman bought a used computer only to find that
> its previous owner, a drugstore, had left the pharmacy records of
> thousands of patients on the machine's storage drive. But the buyer
> did not publicly disclose the records.
>
> Also last year, a computer hacker broke into the medical records
> system at the University of Washington Medical Center and gained
> access to some 4,000 patient records--although these were not made
> public.
>
> What sets the Montana incident apart is the youth of the patients, the
> amount of detail disclosed and its placement on a public Web site that
> allowed complete access to private records.
>
> The detailed accounts by therapists reveal children suffering from all
> manner of emotional problems:
>
> "[She] has 'extreme mood swings' and is very aggressive with her
> sisters and other children," read one file about an 8-year-old girl
> diagnosed with autism and mental retardation. "She has been cruel to
> animals, . . . often refuses to eat and will make herself vomit."
>
> An 8-year-old boy was described as suffering from "anger outbursts,
> gender identity issues" and bed-wetting.
>
> Raymond Ford, the University of Montana technology manager, said the
> incident is under investigation. "We have no evidence that this was
> malicious--all the evidence that we have suggests that the person
> who uploaded [the patient files] probably had no idea what [he was]
> doing," he said.
>
> But once the records were placed on the school's Web server, a
> computer that manages its online files, they became available to
> Internet search engines and were visible to casual Web surfers who
> requested a keyword contained in a patient's record.
>
> For example, a search for "confidential" or "neuropsychological"
> turned up dozens of these medical records. Those files could then be
> copied to the computer of any visitor.
>
> Therapists whose patients were involved were stunned by the lapse.
>
> "I'm shocked. I have no idea how this can happen. Obviously, this
> information is confidential, and we go to great lengths to keep it
> confidential," said Bonnie Carlson-Green, a psychologist at Children's
> Hospital in St. Paul, Minn., the source of some of the patient
> records.
>
> Ford said the university will attempt to tighten its Web security, but
> that it must depend on users' vigilance and care to restrict private
> materials.
>
> Medical records experts said the university has an ethical obligation
> to inform the patients' parents.
>
> "The least the [university] can do is contact the families and let
> them know that there was this error and the steps they've taken to
> correct it," Borenstein said.
>
> "There should be special privacy protections for all medical records,
> even more special protections for disclosure of any psychiatric
> records," because of a real threat of discrimination against people
> whose treatment for mental illness becomes known, Borenstein said.
>
> Borenstein fears that fewer people will seek treatment if they think
> their private information may be accidentally disclosed.
>
> Many psychiatrists are so concerned about inappropriate electronic
> disclosure of medical reports that they write only cryptic comments in
> patient records, trusting the rest to memory, Borenstein said.
>
> David Aronofsky, the University of Montana's attorney, said accidental
> online releases of private legal or medical information are not
> unusual and are corrected quickly.
>
> Patients and medical institutions have not been contacted about
> the release of these records. They will be contacted if it seems
> necessary, after the internal investigation is concluded, Aronofsky
> said. "We're not understating the significance of what happened here,
> nor are we trying to cover it up," he said.
>
> Fiona Anderson, a University of Minnesota psychologist whose patient
> records were among those released online, said the records may have
> been removed against her institution's rules.
>
> "As things become more electronic and more easily accessed . .
> . edited and altered, it's difficult for our ethical rules and
> guidelines to keep up with the technology," she said.
>
> But such victims of accidental disclosures face steep legal challenges
> to gain compensation, said Peter Swire, a law professor who was chief
> privacy counselor for the Clinton administration.
>
> Part of the problem is new, more stringent federal standards for
> medical records privacy will not take effect until 2003, and state
> regulations vary widely.
>
> Posting a private document online--no matter how injurious it may
> appear--can cause legal liability only if the victim can prove damages
> in court.
>
> "What if one of the patients has something bad happen to him or her as
> a result of this disclosure--if they are turned down for a job later
> in life?" Swire said. "This is where you are open to a [legal] suit."
>
> As more medical records are stored digitally, routine electronic
> disclosure to insurers and health maintenance organizations has
> increasingly troubled some clinicians and privacy advocates,
> although such transfers are legal and often required for provider
> reimbursement.
>
> Paul Appelbaum, president-elect of the American Psychiatric Assn.,
> said patients should be given the option of having their information
> kept on paper.
>
> A few health-care providers, such as the Harvard Pilgrim HMO, offer
> such an option.
>
> The alternative for patients may be decreasing control over their
> medical histories.
>
> Appelbaum added: "The mobility of electronic information is almost
> unlimited."
>
>