If we have learned anything from the recent hackings – Sony, Google Mail, PBS – in which vast amounts of data for millions of users have been compromised, it is that precious data is rarely entirely secure and certainly barely private. It is time to tighten up. Nowhere is this more important than in healthcare data. Imagine if, rather than your Playstation login being compromised it was your entire family medical history that were posted on the net for all (including your health insurer, employer and others) to read at their leisure. Moreover, the digital nature of medical data and the possibility that it is not even encrypted means that it can be shared with others accidentally or deliberately without patient consent.
Researchers in the US and Israel have reviewed common practice surrounding medical data, the various security issues, privacy concerns which have been discussed for years and the legislation around the globe and have put forward eight possibly remedies to improve patient privacy and rights. Taken together they do not represent a cure-all, but could alleviate some of the more problematic symptoms and perhaps avoid a terminal condition for healthcare data:
- Make the senior-level role of “Chief Patient Officer” (CPtO) a legal obligation for healthcare providers. The CPtO would manage the legal, risks and business impacts of privacy and patient’s rights and guide caregivers and medical administrators.
- Create a “Medical Encounter Officer” position to for patients and manage their privacy, information and medical rights.
- Establish, legally or through an agreed standard, a “privacy threat scale” to adjust the protection level depending on how sensitive is particular patient information.
- Store the signed consent form in the patient’s medical record together with signature and expiration dates. This would be most useful in emergencies and when a patient is unable physically, mentally or emotionally to sign a consent form, with the caveat that a patient can veto the stored consent.
- Extend the concept of stored consent form so that different consents can be applied to different situations and treatments, procedures or involvement in research.
- Campaign to raise privacy and patients’ rights awareness through public forums, education and the media.
- Adopt and implement a standalone personal smart card for healthcare provision. Such a card would combine the benefits of a national health records system, personal health record system, and the privacy threat scale advantages.
Yair Babad, & Avishai Lubitch (2011). Ethical and legal issues of privacy and patient rights in the application of information healthcare delivery systems Int. J. Healthcare Technology and Management, 12 (3/4), 230-249
- HHS Proposes Privacy Rule on Medical Records (nlm.nih.gov)
- Interview: Protecting patient privacy rights in a wired world (radar.oreilly.com)
- Security Breaches Getting Attention Again – Patient Privacy Issues at Stake And It’s Everyone’s Concern and Problem To Solve-No Witch Hunts Please… (ducknetweb.blogspot.com)
- Schwartz On Security: Your Medical Records At Risk (informationweek.com)
- Is someone snooping on your health records? (redtape.msnbc.msn.com)
- Verizon Enhances Security Programs For Healthcare Organizations (informationweek.com)
- Electronic Patient Consent System Planned (informationweek.com)