1. Archive

AIDS list is out // Leak sparks security fears

The leak of a confidential list of Pinellas County residents with AIDS has rekindled a nationwide fear that the proper handling of sensitive medical records is sorely lacking.

Privacy and patients-rights experts warned that the release of a computer disc with close to 4,000 names could have far-reaching implications.

"This is a privacy advocate's worst nightmare," said Beth Givens, director of the Privacy Rights Clearinghouse at the University of San Diego Center for Public Interest Law.

"This is exactly what our concerns are about," said Dr. Denise Nagel, a practicing psychiatrist and president of the National Coalition for Patient Rights in Massachusetts. "The biggest risk to a patient's medical information in computers does not come from outsiders, but from the people who have access to them every day."

The impact reaches beyond people on the Pinellas AIDS list or anyone considering an HIV test.

Nagel said a growing public perception that medical records are not secure will discourage people from sharing information with their doctors or even seeking medical help.

Florida officials are investigating whether a state employee used a computer disc to copy confidential AIDS records.

The incident undermines a common belief that the greatest threat to the security of medical records _ or any other computerized information _ is from computer hackers or some other external assault, Givens said.

More than 90 percent of the cases of inappropriate access of computer files comes from insiders, Nagel estimated.

"And this is exactly the worst kind of offense _ of privileged, personal information which people share in order to get health care and treatment," she said.

Patrons at the Bedrox bar in Treasure Island, where an anonymous letter alleged an HRS worker bragged about having the computer file, all expressed the same concern that the threat to confidentiality might damage the whole system for detecting and treating AIDS.

"Obviously, this has been the fear all along _ that something like this would happen," said Pat Deloia of Clearwater, who went to Bedrox Thursday afternoon with his partner, Rick Hale.

"If this causes some people to wait to get tested, or to hesitate to get treatment, something like this could really snowball," Hale said.

It also could have job implications, another patron said.

"If you're on a list saying you have HIV and you worked somewhere that wasn't cool with it, that would be your last day," said Mike Crosby, a Columbus, Ohio, resident visiting Pinellas and the Bedrox bar Thursday.

David Sobel, legal counsel in Washington for the Electronic Privacy Information Center, argued that the Pinellas records should have been encrypted or coded to prevent such easy access. And the computer system should produce an audit trail _ in effect a fingerprint of the user _ to discourage anyone from making an unauthorized copy.

The proliferation of computers to store large amounts of sensitive data only compounds the problem of security. When records were stored on paper, the sheer bulkiness of the information discouraged any large-scale theft.

But computers now permit massive volumes of data to be transferred quickly _ and possibly anonymously _ to a small disc that can be carried away in a shirt pocket.

"People always stole medical records," Nagel said. "But they had to dress up in white coats, go to a medical records room, pretend they were somebody else and then ask for the records. And maybe they got two or three or even five files _ but not (4,000)."

The Pinellas case is not the largest security breach of medical information, but it may be the largest in the case of AIDS records.

In 1993, computerized records at Jackson Memorial Hospital in Miami were stolen. They contained the names of more than 6,000 HIV-positive people. But after making an arrest, investigators believe the inside job targeted computer equipment, not the records.

More often, computerized medical records are compromised by weak or sloppy security. In Jacksonville, for example, a 13-year-old daughter of a hospital clerk rifled through computer records, then called a few patients to tell them they tested positive for AIDS or that they were pregnant. The girl was not charged.

"As long as you have any human being who has access to this information, it's very hard for me to imagine how you could prevent the person who has access to it from somehow violating people's confidentiality," said Dr. Tom Newman, a professor who helped design computer security for medical records at the University of California in San Francisco.

_ Staff writers Stephen Hegarty and Sue Landry and researcher Kitty Bennett contributed to this report.

How the AIDS surveillance system works

Where the information comes from:

Florida law requires health care providers in each of the state's 67 counties to report cases of AIDS _ in January, HIV cases also will be reported _ to their health departments. Patient information, including names, addresses, phone numbers, health data, source of infection and other personal information, is collected and held at the county health departments. The files are kept indefinitely, even after a person's death. Names are deleted only if a person is determined not to have the disease.

How it's stored

Each county in Florida maintains its own detailed information about people with AIDS to prevent duplicate reporting. In Pinellas, the information is at the Health Department in St. Petersburg. The computer holding the information there is kept in a double locked room. The computer itself has a key lock and a password system that allows only one try before blocking further attempts to enter. Records on paper are kept in a locked file in the same room. Only three people in Pinellas have access to the computer and its information.

Where it goes

Information about new cases of AIDS is coded and forwarded without names to the Centers for Disease Control in Atlanta. Data, also without names, also are shared with the state Department of Health and Rehabilitative Services.