Protecting Privacy of Health Information and Building Trust as Mobile and Online Health Evolve

“Image of two dogs, one of whom is using a computer. The caption says “On Facebook, 273 people know I’m a dog. The rest can only see my limited profile.”

Image provided courtesy of Rob Cottingham

The health care system is going digital at a fast clip. In the last two years, the number of hospitals using electronic health records has more than doubled to 35%—and  the majority of remaining hospitals say they have near-term plans to do so. While patient or consumer use of digital tools for health, such as patient portals and personal health records (PHRs), generally lag behind, it is catching up, especially when you also consider the use of “non-traditional” tools, such as mHealth and social media.

The proportion of American consumers using mobile phones for health has more than doubled in a single year to 26%, and social media use for health has more than tripled since 2007, reaching roughly a third of the country.

As we know from numerous polls and studies, the privacy of personal health information is one of the policy issues the public cares about most as health care goes digital.  Laws and regulations such as HIPAA and HITECH provide some parameters for privacy guidance in this changing environment, and as health information technology evolves, additional initiatives can build on and complement those protections.

Privacy of Health Information

As we know from numerous polls and studies, the privacy of health information stored electronically is one of the policy issues the public cares about most as health care goes digital.  Laws and regulations such as HIPAA and HITECH provide some parameters for privacy guidance in this changing environment, and as health information technology evolves, additional initiatives can build on and complement those protections.

The Office of the National Coordinator for Health Information Technology (ONC), primarily through its Office of the Chief Privacy Officer, is working to understand and provide tools for addressing privacy and security issues related to mobile and online health information through several initiatives, described below. In addition, in partnership with the Office for  Civil Rights (OCR), ONC is helping to inform the public about privacy and security within the context of the benefits of health information technology and its potential impact on individual patients and consumers.

ONC initiatives related to the privacy of health information include:

  • Mobile Devices Roundtable: Safeguarding Health Information: A March 16, 2012 roundtable to inform the development of clinician “good practices” regarding securing health information on mobile devices. Register for real or virtual participation (it’s free)!

 

  • mHealth Privacy and Security Consumer Research: Ongoing focus group research to explore the attitudes and preferences of consumers with respect to health-related information and mobile devices.

 

  • Survey on Privacy, Security of Medical Records: An annual public survey looking at preferences related to the privacy and security of electronic health records and health information exchange, exploring, among other key measures, the percentage of people who report having kept any part of their medical history from their doctor due to privacy concerns.

 

  • Model Privacy Notice for Consumers for Personal Health Records (PHRs): An online tool that helps consumers assess and compare the privacy practices of individual PHRs through a simple table, filled out by PHR providers, describing how they use and protect health information.

We encourage you to participate in these initiatives and provide us your feedback on how we are doing!

12 Comments

  1. Barbara Duck says:

    What you can do is to start with requiring Health care and all industries for that matter to disclose what information and who they sell to. We have nothing now except very crafty written privacy statements that are written that way on purpose to keep all of us guessing. A federal site requiring all who sell data to disclose this would be a big help not to mention encourage some transparency in all of this. That would be step one. The next step would be to license and federally tax the data sellers. This could fix a ton of federal budgets and help a lot of the tax laws being worked on now.

    Licensing data miners is nothing new as states do it already for a pittance and they have to revoke licenses of those who do not pay for updates and secondly the server slow down to a crawl and the states have to buy software to limit their access…nobody wins here except the miners.

    This would help track and slow down some of the data moving and help consumers to have a disclosure page where they could look it up on a drill down SQL query. We are doing a lot of that anyway, why not require this as well. Non profits would still need to list but get a break.

    If data is being used for research, put that on there too so consumers can see who has access as the big guessing game is not going anywhere fast. Again the money side with licensing and taxing would really bring some good tax revenue too as I use infamous example of Walgreen with their 2010 SEC statement showing just under $800 million made from selling data. Did that open your eyes, it should:) How much money is being made out there from selling data and at the same time keeping consumers in the dark.

    I get pretty wordy when I get on a soapbox at times but this is something worth a thought or 2 and actually was included in my group of posts called the Attack of the Killer Algorithms that addresses flawed and mismatched data, and yes that is out there sadly. The entire concept would slow down the process of sharing data and corporate USA making billion off of using information from taxpayer data they get for free. Big corporations figured out this big cash cow a few years ago and it is partly why manufacturing took such a dip as a couple geeks and a cloud server and run those mining algos for the billions:)

    http://ducknetweb.blogspot.com/2012/02/start-licensing-and-taxing-data-sellers.html

  2. The greatest weakness in security is always human and as regards mHealth and PHRs lies principally in patient passwords. 128-bit encryption is pointless when a patient’s PHR password is too simple and conversely if the password really good, it is usually too complex to easily remember. A new paradigm is desperately needed without which implementation of truly effective and universal MHealth records and PHRs is bound to prove problematic.

  3. Great information. Thanks for your post. The health care system is going digital at a fast clip. It’s true for developed country, but i doubt about it in case of developing countries.

  4. Sam says:

    Slowly and steadily all the data is going electronic. And this had indeed given rise to privacy policies and security issues.
    It’s not just the health information but all sorts of information which we save it as confidential information on social websites, it somehow manages to reach the hands of the MSC’s which they use to make fool of the customers buy taking advantage of their vulnerable sides.
    To stop this kind of thing we simply need better privacy policies.

  5. Thelma Lee says:

    The biggest listlessness in protection is always individual and as regards mHealth and PHRs can be found generally in sufferer account details. 128-bit encrypted sheild is useless when a individual’s PHR code is too simple and however if the code really good, it is usually too complicated to quickly keep in mind. A new model is much required without which execution of truly efficient and worldwide MHealth information and PHRs is limited to confirm difficult.

  6. Just a quick thanks for sharing my cartoon with your readers – I’m delighted it could illustrate such a timely and important post. And I’ll be looking forward to seeing this discussion unfold.

  7. Smile says:

    Technology represents a boon for healthcare, but it obviously has its challenges. In the short term, security and privacy issues will be expensive, but long-term savings due to digitizing healthcare records will be awesome.

  8. Its was nice to know that American consumers using mobile phones for health has more than doubled in a single year to 26%,also social media use for health has more than tripled since 2007.
    Thanks for sharing this information with us !

  9. Interesting to know that ONC, is working to understand and provide tools for addressing privacy and security issues related to mobile and online health information through several initiative.

  10. Mike says:

    I really love the technology that we have and what will come in the future. But, the big fault is PEOPLE. There are so many who just don’t realize what they are doing, or perhaps even worse, don’t care. So, eventually we lose a lot of private information.

  11. Alex Winters says:

    It is extremely difficult to keep such data safe. There are so many people and so many entities accessing them that an abuse is very likely. Having said that, there is just no alternative to it, really.

Leave a ReplyComment Policy


*