Thursday, November 19, 2009

Indian Outsourcer Arrested for Selling British Patients' Medical Files

No matter what outsourcing agency is used there must be policies and followup to assure that a breach doesn't happen. With Healthcare data a breach can not be revoked, so care must be taken to prevent it. This will get more difficult as the location of the data being operated on is less defined by it's physical location, e.g. when managed in 'the cloud'.
Police in India have arrested the chief of an outsourcing company for allegedly selling British patients' medical records.  Vikas Dhairyashil Bansode and his accomplices claimed to have obtained the data from IT companies in India that were hired to computerize medical records. According to the UK's Data Protection Act, it is illegal to send this sort of information outside the country unless its security can be guaranteed.  The compromised information includes addresses, dates of birth and details of medical conditions.  The police began to investigate Bansode and his accomplices following a documentary that aired in October in which the filmmakers posed as individuals who wanted to buy medical information so they could market health-related products pertinent to the individuals' situations. More and More