I doubt many would disagree with the view that patients deserve to have confidence that decisions surrounding their healthcare are based on the best and most complete information possible. Yet, here we are in the 21st century – an era defined by rapid advances in technology and medicine – and valuable patient data is all too often elusive in a time of need.
The healthcare industry (along with many other industries) are standing at the crossroads of data privacy and data access. The main issue lies within two opposing forces: the need to protect sensitive personal health information and the drive to use patient data to improve patient care and outcomes.
How we got here
As more and more organizations went online over the last several decades, the risk of data breaches became a new reality. According to Privacy Rights Clearinghouse, there have been over 11 billion records breached since 2005. Healthcare organizations, universities, insurance companies, governments and retailers – any institution, large or small, that collects consumer data is vulnerable to attack.
With the emergence of online commerce sites, social media and mobile devices became an integral part of consumers’ lives. It was the Facebook-Cambridge Analytica scandal in March 2018 that truly “Sparked the Great Privacy Awakening” in the tech industry, resulting in a backlash for the unauthorized sharing of personal information and unleashing a slew of legislation to protect the data privacy rights of consumers.
The current state of data privacy
On the heels of Europe’s General Data Protection Regulation (GDPR) and numerous states’ proposed legislation to regulate data privacy practices, the California Consumer Privacy Act (CCPA) went into effect on January 1, 2020. As one of the most comprehensive privacy laws in the U.S., it is expected that this legislation will serve as a model for other states.
The Health Insurance Portability Accountability Act (HIPAA), enacted in 1996, is the primary health privacy and security law in the U.S. While there were amendments to the legislation in 2013 to account for advances in technology, there remain significant gaps that address the digital age.
As data breaches, cyberattacks and unauthorized use of personal data have proliferated, concerns over data privacy are now at the forefront of both public debate and product development.
Currently, the federal government has proposed data-sharing rules for healthcare that promote the expansion of patient data access, including allowing patients to access their health information and share it with third-party apps as well as penalizing information blocking. This proposed legislation has set off intense pushback from Health IT companies.
At CES 2020, the international stage for unveiling the latest innovative consumer technologies, the “hottest products” this year were all about securing privacy.
Forging a path forward
Patient data privacy is paramount, but we need to be able to share relevant data to deliver optimal healthcare. Striking a balance between the allowable uses of sensitive personal data and preserving security and patients’ right to privacy is a complicated undertaking.
As healthcare systems turn to data-driven solutions to help achieve optimal health outcomes and lower healthcare costs, there are several critical factors that should define the path toward achieving the right balance between data access and security.
- Patients – Patient needs should be at center of everything in healthcare. A patient-centered environment that enables them to be the gatekeepers of their own data will improve their experience of care delivery.
- Infrastructure – Building a technology infrastructure that includes cloud computing gives greater access to security tools and resources, reducing the risk of a data breach. It also lowers costs and facilitates care coordination.
- Interoperability – Moving toward an open ecosystem that allows a seamless, yet secure exchange of patient data and information across systems is key to serving the needs of patients, caregivers, and providers.
- Legislation – We have a long way to go and legislation is not the only answer; however, laws governing data privacy, security, and access need to address the realities of the digital age and define ways to enforce compliance.