Navigating Data Breaches: A Personal Account of Privacy Awareness
Chapter 1: The Reality of Data Breaches
Data breaches are a pressing concern, especially when they involve personal information. The frustration felt by data engineers is amplified when institutions mishandle sensitive data. The alarming frequency of such incidents should be concerning to anyone, even those with minimal technical expertise. The gap between the actual events and the expected protocols during data breach situations explains why penalties for companies like Sephora and Google barely resonate with the average consumer or patient.
Often, those organizations that exhibit careless data practices find themselves facing individuals who are not only knowledgeable about their rights but are also prepared to take action. My experience with a medical institution in the southeastern United States serves as a case in point. After a routine visit to a walk-in clinic, a family member received an unexpected call regarding a bill for someone else, sent to an outdated address, and their visit details were shared with an unrelated email address.
If you find yourself in a similar situation, medical facilities may downplay the severity of the incident, labeling it as a "system error" or an innocuous "mistake." However, it is essential to recognize that these issues are often more complicated than they appear and may constitute a violation of state data governance regulations and HIPAA. It's crucial to understand that a data breach doesn't always stem from a technical malfunction; it can also result from lapses in procedures or human error.
Chapter 2: The Human Element in Data Management
The failures leading to data breaches often arise from human mistakes. While the narrative often focuses on external threats, such as hacking, the reality is that many breaches occur due to internal oversights. A study published in the Journal of Organizational and End User Computing revealed that a staggering 90% of spreadsheets with over 150 manually entered rows contain at least one error. When patients handwrite their information on intake forms, the potential for inaccuracies increases significantly.
In my family's case, the intake form included updated contact information, which was then mishandled by the staff. The error could have originated during the manual entry process, but there is another alarming possibility to consider. Data infrastructure aims to collect accurate information for insightful analysis. When gaps appear, systems may default to older data, which can lead to serious complications.
For example, if a system detects a missing email field, it may revert to an older entry, potentially sending a patient's information to an outdated or incorrect address. While retaining historical medical records is beneficial for diagnosis, holding onto personally identifiable information (PII) for extended periods can be problematic. Regulations like the EU's General Data Protection Regulation (GDPR) emphasize the importance of data relevance, yet U.S. laws remain less stringent.
Long-term storage has its merits for medical history, but it’s less clear whether retaining PII for over a decade is necessary. Individuals change, and so do their contact details. Relying on outdated information can lead to dangerous situations, highlighting the need for better data handling practices.
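The fallback behavior described above, as an added Python example that is not from the clinic's system or the original post: it contrasts a lookup that silently reverts to an older entry with one that returns nothing and asks for confirmation. The record layout, the one-year window, and all names are assumptions, and the sample data is constructed.

```python
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Optional

# Assumed policy value for illustration; not taken from any regulation.
MAX_VERIFIED_AGE = timedelta(days=365)

@dataclass
class ContactEntry:
    email: Optional[str]
    verified_on: date  # date the patient last confirmed this value

def naive_email(history):
    """Risky pattern: a blank field silently reverts to an older entry."""
    for entry in sorted(history, key=lambda e: e.verified_on, reverse=True):
        if entry.email:
            return entry.email
    return None

def safe_email(history, today):
    """Return (email, reason); never fall back past a blank or stale entry."""
    if not history:
        return None, "no contact on file"
    latest = max(history, key=lambda e: e.verified_on)
    if not latest.email:
        return None, "latest intake left email blank; confirm with patient"
    if today - latest.verified_on > MAX_VERIFIED_AGE:
        return None, "email not confirmed within policy window"
    return latest.email, "ok"

def stale_entries(history, today):
    """Superseded contact values old enough to queue for purge review."""
    if not history:
        return []
    latest = max(history, key=lambda e: e.verified_on)
    return [e for e in history
            if e is not latest and today - e.verified_on > MAX_VERIFIED_AGE]

# Constructed sample: an address from 2012 and a 2023 intake with no email.
HISTORY = [
    ContactEntry("old.address@example.com", date(2012, 3, 1)),
    ContactEntry(None, date(2023, 6, 10)),
]
TODAY = date(2023, 6, 12)

if __name__ == "__main__":
    print("naive:", naive_email(HISTORY))
    print("safe: ", safe_email(HISTORY, TODAY))
    print("purge review:", [e.email for e in stale_entries(HISTORY, TODAY)])
```

With the sample data, the naive lookup returns the 2012 address, while the stricter lookup returns no address and a reason a staff member can act on.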
The video titled "United States of Secrets, Part One (full documentary) | FRONTLINE" explores the implications of data privacy breaches and the responsibilities of institutions in safeguarding personal information.
Conclusion: Advocating for Data Protection
The story of my family's experience with data mishandling is not merely a cautionary tale; it serves as a reminder that many institutions may lack proper education and accountability regarding data management. As patients, it is essential to advocate not just for our health but also for the protection of our personal data.
While there are numerous advertisements for medical malpractice attorneys, the issue of data breaches deserves equal attention. We must remain vigilant and proactive in ensuring that our sensitive information is treated with the care it deserves.