By Doug Pollack, Chief Marketing Officer for ID Experts
One of the panels at the Consumer Electronics Show Digital Health Summit is asking a really interesting question: Who will you trust with your health data?
As described in an article in Healthcare IT News on healthcare data privacy and security, there have been numerous data breach incidents over recent years who sensitive patient information has been inappropriately disclosed.
“In 2009, PrivacyRights.org reports that there were 46 breaches of PHI representing nearly 80M records.
Note that 76M of those records were from the VA that inadvertently sent one of its RAID drives out for repair without cleansing it of those 76M records of veterans.
If you can’t trust the government to keep your PHI safe, who can you trust?”
Now I must admit, I would never have suggested that it is reasonable to assume that the government is good at maintaining privacy of personal information that they collect on American citizens.
But it is reasonable to assume that as more protected health information (PHI) is collected, stored, shared and manipulated in computer systems at healthcare providers and payors, that the risk of exposure, and the subsequent number of data breach incidents, will rise.
So it really does make for an interesting thought, do I trust my doctor and hospital with my health data? Do I trust my health insurer with my health data?
How about my pharmacy? Like it or not, I don’t have much choice but to provide them with or allow them to access my PHI.
But I do have a choice as to whether I should entrust Microsoft (MSFT) or Google (GOOG) with this sensitive information. Both companies have built systems “in the cloud” that allow consumers to centralize their personal health history.
Microsoft HealthVault is designed to let us “collect, store, and share health information critical to our family’s well-being” and Google Health allows us to “organize our health information all in one place, gather our medical records from doctors, hospitals, and pharmacies, and share our information securely with a family member, doctors or caregiver.”
Microsoft has made HealthVault quite “open”,enabling organizations such as providers, payors, pharmacies and others to create applications for individuals to import information that they hold on us into our HealthVault account.
I setup a HealthVault account, to see how this worked.
Unfortunately, neither my national pharmacy chain nor my health insurer were on the list of those who make such information “exportable” to HealthVault.
Assuming that my trusted providers, insurer and pharmacy do provide such export capabilities in the future, it still leaves me with a nagging concern: do I really trust Microsoft to hold my entire medical life history?
While I’d love to have all of this information in one place, and to be able to make it available to healthcare providers that I may want to see in the future, the thought of entrusting this to anyone is daunting, not the least of which a company who’s software is a constant target for viruses, worms and malware of all kinds.
So for now, I probably won’t start trusting my medical history to either Microsoft or Google.
My health data will be remain somewhat safe with doctors, an insurer and a pharmacy, and numerous business associates of their that I don’t even know by name, that I hope I can trust.
But given the number and scope of data breaches the last year or so in healthcare, I’m not really feeling very confident about my healthcare data privacy at this moment.
The Publisher gives permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author and to Information-Security-Resources.com