As the year 2015 slides into the cybersecurity history books as “the year of the healthcare breach” I chose to examine 1 aspect of medical information privacy that is sometimes overlooked: the effect of breaches on patient-doctor data exchange. Particularly, I am concerned that high profile healthcare-related Information Technology security violation may lead more persons to withhold sensitive data from their doctor because of fears that it will be exposed because of weak privacy protection or weak security controls.
That such fears exist is all too obvious and clear when you talk to persons about the huge healthcare data breaches of 2015, the 6 largest of which compromised more than 100 million records. I have spoken to several people whose information was exposed in those attacks and who subsequently experienced 1 or more forms of attempted identity theft.
Of course, it is difficult to get direct evidence that ties a particular violation of your data to a particular instance of identity theft. But if the theft comes soon after a violation at Company A, of which you are a consumer, you will probably suspect that specific violation is the cause of your issue. When an entire string of breaches occur in a short span of time, there is plenty of blame to go around. Even if you are Company A and you are certain that your violation did not result in ID theft, you may get blamed anyway.
The Withholding Issue
The requirement for doctors to keep patient data confidential is as old as the practice of medicine itself. (In the genuine version of Hippocratic Oath a doctor would vow to hold sufferer data “sacred and secret within my own breast”.) Simply put, doctors can’t offer safe and effective care to sufferers if those sufferers do not share with them all of the relevant data. Of course, there are various reasons why a person might select not to tell their doctor everything. Few reasons predate computers and are as old as society itself, involving shame, embarrassment, and fear of censure.
Although, fears about unauthorized approach to, and abuse of, electronically stored personal health data were voiced as soon as database technologies started to emerge in the latter half of the last century. In fact, the US government agency that was then called as the Department of Health, Education, and Welfare (HEW) prompted few of the 1st critical thinking about the effect of computer databases on society. A 1973 document commissioned by that agency and subsequently called as the HEW Report, examined the numerous fears raised by the increasing growing computerization of personal data.
No comments:
Post a Comment