Patients of Dr. Nisar A. Quraishi, an internist in with a private practice in Jersey City, NJ may have had their medical records stolen and are now potential victims of identity theft. Patients who have seem Dr. Quraishi between 1982 and 2009 have had their records stored in a shed behind the office and just last week this shed was broken into and records stolen. Some 40,000 records were taken and included personal information such as social security numbers, dates of birth, medical histories and home addresses.
The office where the shed is located is an empty office – it is located at 1 Chopin Court in Jersey City. The doctor is listed as a specialist of internal medicine and since 2014, a clinical assistant professor at the NYU Langone Trinity Center in New York. The stolen items did not contain records from Langone Center, just records from the private practice.
People often wonder about the security of their electronic health records. The federal government put in place the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy Rule to ensure you have rights over your own health information, no matter what form it is in. They also created the HIPAA Security Rule to require specific protections to safeguard your electronic health information.
The HIPAA Privacy Rule establishes national standards to protect individuals’ electronic personal health information that is created, received, used, or maintained by a covered entity. The Security Rule requires appropriate administrative, physical and technical safeguards to ensure the confidentiality, integrity, and security of electronic protected health information.
Some things that can also help with security and that are built into many EMR systems include encryption of data, necessity of passwords and PINS to access data, and an ‘audit trail’ so that it is know who has accessed records. These are all standardly used throughout many different industries. If any breach occurs, it is required by federal law that the patient be notified of the breach.
While many people feel that electronic records may be more easily compromised, this Jersey City incident just goes to prove that there are many insecure paper medical records out there as well and no matter the form of your records, doctors must use best practices to make sure that the records are safe and secure.