The face of healthcare as we know it is changing and so are the tools that we use to coordinate and facilitate care. When you go to the doctor, there isn’t a paper chart in a bin outside the exam room anymore. Instead, there’s a computer sitting on the counter or a tablet in the doctor’s hands with your health information on it. We have internet access to our records and forms are submitted electronically through a patient portal prior to your visit. Even when you arrive, your signature on an authorization form is now done with a stylus on an e-signature pad. But it doesn’t end there; now we have personal sensors for in-home patient monitoring, wearable technology tracking our daily functions, personal health apps on our smartphones, the list goes on and on.
It is widely accepted that paper-based anything is a notion of the past, but all of this new technology is being incorporated into our existing healthcare infrastructure and I’m not sure we are ready for it. Thanks to the HIPAA Privacy rule we know how to protect paper-based personal health information (PHI). We are aware of the uses and disclosures permitted, as well as the reasonable reliance on covered entities to share only the minimum necessary to carry out a permitted function. With this new technology, do we have these same assurances? Is the creator of that app considered a Covered Entity and subject to HIPAA? Is the internet connection transmitting my PHI from my wearable device secure? Yes, we do have the HIPAA Security Rule that protects electronic PHI, but it was released in 2005 and didn’t take into consideration all of these new technologies because they didn’t exist yet.
I find myself asking the question, where does cybersecurity fit in with this shifting environment? We are missing a balance between this inherent need for interoperability and privacy and security. I have an eerie feeling that especially as this new generation of technology natives takes over, privacy and security are being cut back on for sheer convenience. This fear is not unfounded, there have been more healthcare breaches this year than ever reported. In 2014, healthcare accounted for only 5.2% of stolen records, but in 2015 it surged to an alarming 34%!
The Millennial Generation finds it more convenient to fill out patient forms on their phone, even though it’s over an unencrypted, unsecure platform, instead of printing out a form and filling it out by hand. From my perception as a Millennial working in healthcare, I understand the desire for convenience as well as the possible disastrous consequences of sharing unsecure PHI.
It is true, the combination of these technologies will improve the quality of healthcare by making it more personalized and efficient, but it also may lead to higher rates of identity theft, health insurance fraud, and many other issues. While there are benefits to technologies, associated privacy and security issues need to be analyzed to make these systems acceptable.
We, at Itentive, believe that patients should have the right to exchange private health information securely with the convenience modern technology offers. This is why we are committed to this cause and meeting the unique needs of this evolving healthcare environment.
- Linsdey Lanning, Healthcare Informatics Coordinator at Itentive