Advances in Healthcare Technology Raise Data Privacy Concerns
As new technologies enter the healthcare system, the collection and use of data raises concerns about patient privacy. Although the Health Insurance Portability and Accountability Act (HIPAA) regulates how patient information may be shared, the scope of the policy means that many newer channels fall outside its purview. The challenges of data availability and confidentiality have been described from a recent perspective in Circulation.
While some assume that HIPAA covers all health-related data, it does not protect anonymized information or data from entities not covered by the law. This excludes a large amount of health data from the scope of HIPAA, including data that could be re-identifiable. Smartphone apps are one example. A recent study showed that 19 medical apps shared data with 55 individual entities. Users may not realize that, for example, a nutrition app combined with smartphone location tracking could be used to infer food choices and make health predictions.
Likewise, patient online activity could play a role in how data is dispersed. A combination of search terms, sites visited for information on symptoms or illnesses, and even personal health stories shared online could be used by third parties to triangulate patient information. Since much of the data that travels via a mobile device or online is unregulated, stakeholders, including advertisers, search engines, and credit card companies, could look up patient data to sell to third parties. A potential concern that arises from this is the creation of âhealth scoresâ based on patient data, which could inform insurance coverage or even employment. Since much of this could be correlated using non-health data, it may not be covered by non-discrimination laws.
Researchers have identified 2 main areas of concern that should be addressed by healthcare professionals. Clinicians should educate themselves on how to safely use digital data to educate patients on the subject. For example, patients need to understand which types of data are covered by HIPAA and which are not. Healthcare providers can also advocate for better legislation regarding the use of healthcare information, which could resemble the general data protection regulation in force across the European Union. While policies such as HIPAA have been in place for some time, the United States is expected to create additional and updated health data protection regulations. Overall, concerns about data sharing should be taken into account when it comes to health-related data to ensure patient safety and privacy. If used with care, the ease of collecting and sharing data can be of great benefit to patients and providers.
Golbus JR, Price WN, Nallamothu BK. Privacy Gaps for Digital Cardiology Data: Big Problems with Big Data. Circulation. 2020; 141: 613-615. https://doi.org/10.1161/CIRCULATIONAHA.119.044966.