As the Obama administration pushes ahead with plans to increase the use of electronic medical records, two internal reports released by the Department of Health and Human Services revealed “significant concerns” about security gaps in the system. The Office of the Inspector General found “a lack of general [information technology] security controls during prior audits at Medicare contractors, State Medicaid agencies, and hospitals.” The investigation audited computer security at seven large hospitals in different states, and found 151 major vulnerabilities, including unencrypted wireless connections, easy passwords, and even a taped-over door lock on a room used for data storage. The auditors classified 124 of the breeches were “high impact” – resulting in costly losses, injury or death. According to the report, “outsiders or employees at some hospitals could have accessed, and at one of the seven hospitals did access, systems and beneficiaries’ personal data.” The hospitals were not identified for security reasons, but were located in California, Georgia, Illinois, Massachusetts, Missouri, New York and Texas. Deven McGraw, the director of the health privacy project at the Center for Democracy & Technology, told the Rundown the report was a “wake up call to the health care industry,” adding it “shines a spotlight on the need to light a fire under both the regulators and the health care industry that this is a serious issue.” Health records contain vital personal information – a person’s name, birth date, address and social security number. All of that can be used to construct a false identity, or collect fraudulent Medicare charges. Health records also contain details about medical treatment, and some worry that information – particularly mental health treatment – could be used against them in their career. And in the case of celebrities, the risk is information could be sold to tabloids, as was the case with Britney Spears and Farah Fawcett at UCLA’s Medical Center in 2008.