Privacy and Information Systems

The Health Insurance Portability and Accountability Act, or HIPAA, is used to categorize medical data and determine what is “safe” for use in research studies and what is not (Krishna, 2007, pg. 655). The regulations can only do so much to protect patient data, though. Once again, the user is ultimately responsible for the confidentiality and security of the data. A professor at the University of Pittsburgh Medical Center was recently found to have published a couple of files containing confidential patient information on the hospital’s web site. On April 10, 2007, UPMC was informed of the breach. A “preliminary investigation has determined that the names and social security numbers of approximately 80 patients were disclosed in a professional presentation that was prepared by a former University of Pittsburgh faculty member for a medical symposium that took place in 2002” (UPMC, 2007). The presentation also contained radiology exam dates, results, and some other related medical data.