DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

On Managing Your Own Health Records

Posted on January 12, 2010 by Dissent

By Doug Pollack, Chief Marketing Officer for ID Experts

One of the panels at the Consumer Electronics Show Digital Health Summit is asking a really interesting question: Who will you trust with your health data?

As described in an article in Healthcare IT News on healthcare data privacy and security, there have been numerous data breach incidents over recent years who sensitive patient information has been inappropriately disclosed.

“In 2009, PrivacyRights.org reports that there were 46 breaches of PHI representing nearly 80M records.

Note that 76M of those records were from the VA that inadvertently sent one of its RAID drives out for repair without cleansing it of those 76M records of veterans.

If you can’t trust the government to keep your PHI safe, who can you trust?”

Now I must admit, I would never have suggested that it is reasonable to assume that the government is good at maintaining privacy of personal information that they collect on American citizens.

But it is reasonable to assume that as more protected health information (PHI) is collected, stored, shared and manipulated in computer systems at healthcare providers and payors, that the risk of exposure, and the subsequent number of data breach incidents, will rise.

So it really does make for an interesting thought, do I trust my doctor and hospital with my health data? Do I trust my health insurer with my health data?

How about my pharmacy? Like it or not, I don’t have much choice but to provide them with or allow them to access my PHI.

But I do have a choice as to whether I should entrust Microsoft (MSFT) or Google (GOOG) with this sensitive information. Both companies have built systems “in the cloud” that allow consumers to centralize their personal health history.

Microsoft HealthVault is designed to let us “collect, store, and share health information critical to our family’s well-being” and Google Health allows us to “organize our health information all in one place, gather our medical records from doctors, hospitals, and pharmacies, and share our information securely with a family member, doctors or caregiver.”

Microsoft has made HealthVault quite “open”,enabling organizations such as providers, payors, pharmacies and others to create applications for individuals to import information that they hold on us into our HealthVault account.

I setup a HealthVault account, to see how this worked.

Unfortunately, neither my national pharmacy chain nor my health insurer were on the list of those who make such information “exportable” to HealthVault.

Assuming that my trusted providers, insurer and pharmacy do provide such export capabilities in the future, it still leaves me with a nagging concern: do I really trust Microsoft to hold my entire medical life history?

While I’d love to have all of this information in one place, and to be able to make it available to healthcare providers that I may want to see in the future, the thought of entrusting this to anyone is daunting, not the least of which a company who’s software is a constant target for viruses, worms and malware of all kinds.

So for now, I probably won’t start trusting my medical history to either Microsoft or Google.

My health data will be remain somewhat safe with doctors, an insurer and a pharmacy, and numerous business associates of their that I don’t even know by name, that I hope I can trust.

But given the number and scope of data breaches the last year or so in healthcare, I’m not really feeling very confident about my healthcare data privacy at this moment.

The Publisher gives permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author and to Information-Security-Resources.com


Related:

  • Maintenance Note
  • CISA Alert: Reported Supply Chain Compromise Affecting XZ Utils Data Compression Library, CVE-2024-3094
  • System Status Note
  • System Status Note
  • System Status Note
  • Fraudster's fake data breach claims should remind media to be careful what we report
Category: Uncategorized

Post navigation

← Recovery firms may steal your data
UK: Action taken after personal details found in waste bins →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Scattered Spider Hijacks VMware ESXi to Deploy Ransomware on Critical U.S. Infrastructure
  • Hacker group “Silent Crow” claims responsibility for cyberattack on Russia’s Aeroflot
  • AIIMS ORBO Portal Vulnerability Exposing Sensitive Organ Donor Data Discovered by Researcher
  • Two Data Breaches in Three Years: McKenzie Health
  • Scattered Spider is running a VMware ESXi hacking spree
  • BreachForums — the one that went offline in April — reappears with a new founder/owner
  • Fans React After NASCAR Confirms Ransomware Breach
  • Allianz Life says ‘majority’ of customers’ personal data stolen in cyberattack (1)
  • Infinite Services notifying employees and patients of limited ransomware attack
  • The safe place for women to talk wasn’t so safe: hackers leak 13,000 user photos and IDs from the Tea app

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Congress tries to outlaw AI that jacks up prices based on what it knows about you
  • Microsoft’s controversial Recall feature is now blocked by Brave and AdGuard
  • Trump Administration Issues AI Action Plan and Series of AI Executive Orders
  • Indonesia asked to reassess data privacy terms in new U.S. trade deal
  • Meta Denies Tracking Menstrual Data in Flo Health Privacy Trial
  • Wikipedia seeks to shield contributors from UK law targeting online anonymity
  • British government reportedlu set to back down on secret iCloud backdoor after US pressure

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.