MedCity Influencers

Privacy & Healthcare

I’ve been thinking of privacy and healthcare recently. So, like any good nerd, I went to HHS.gov and looked at their data on Breaches Affecting 500 or More Individuals as required by the HITECH Act. The table there lists 647 entities involving 22,554,728 people. That’s a lot! And with online exchanges scheduled to launch Oct. […]

I’ve been thinking of privacy and healthcare recently. So, like any good nerd, I went to HHS.gov and looked at their data on Breaches Affecting 500 or More Individuals as required by the HITECH Act. The table there lists 647 entities involving 22,554,728 people. That’s a lot! And with online exchanges scheduled to launch Oct. 1 there are people worrying about how secure patient information will be. While there are differences between security and privacy these concepts are clearly interrelated.

Patient privacy is a complex issue that, unfortunately, too few people think deeply about. There are some thoughtful exceptions, like the work of the Center for Democracy & Technology, but even they tend to deal with it at a high level. Also, fear can be lucrative; you can sell systems, encryption protocols, secure messaging tools, etc. I do think technology can help solve the privacy conundrum but only when the multiple dimensions of the many different problems are understood and both providers and consumers understand the issues and their responsibilities.

First of all, realize that privacy and the delivery of effective healthcare require balancing. When I was responsible for data privacy at a major health system, the chair of a clinical department told me that he wanted absolute security. I told him that that could be delivered but that one would have to bar patients from visiting the facility. You need sufficient information about any situation to provide the proper response to that situation.

Another complex issue concerns the sensitivity of the data being processed. I don’t think I would be terribly concerned if someone knew that I had a blood test to determine my cholesterol levels or even the results of the test but I might be much more concerned about someone even knowing that I had a test for HIV. Furthermore, the nature of the encounter makes a difference as well. If it is a life or death situation, I want my doctor to know everything possible that might make a difference, even if I were not in a state to communicate it. Of course, when I recover, I want her to forget everything of a sensitive nature that she learned.

There are too often technology solutions to problems that don’t exist. There are a growing number of secure communication technologies, from texting to videoconferencing that are being marketed as universal solutions. All providers in a facility are being told that they can only text on secure, hospital-owned devices. I don’t want to compromise security but every one of my physician friends says that they confine their texting to seeing if a colleague is in the facility. The point is that technology alone can never be a substitute for judgment.

Doing nothing and worrying that every advance in patient information technology will do more harm than good is not a solution. There needs to be an understanding of human responsibilities, of the value of available technologies and data ownership management. That requires rational and knowledgeable discussion and research. Once we adequately understand the proper balance between privacy and communication required in a specific situation then we will be in a position to apply appropriate technology to help solve that issue.

This post appears through the MedCity Influencers program. Anyone can publish their perspective on business and innovation in healthcare on MedCity News through MedCity Influencers. Click here to find out how.