According to software analyst and healthcare blogger Shahid Shah, the Health IT Guy,at the Patient Privacy Rights Foundation talk, the four reasons for patient privacy going by the wayside includes:
- Acceptance: Patients accept having their records shared on the EHR systems based in the cloud as the “cost of doing business”
- Meaningful Use certification: puts too much emphasis on how a product works, or functionality as a method of incentive payment instead of the way patient privacy will be maintained. “Privacy is difficult to define and even more difficult to implement, so the testing process doesn’t focus on it at this time,” he said.
- Assumes: Many patients simply assume that their information is protected and secure, when in fact, the exact opposite is true. “The digital health IT world of today is like walking into a patient’s room in a hospital in which it’s a large shared space with no curtains, no walls, no doors, etc.,” Shah said. “In this imaginary world, every private conversation occurs so that other scan hear it, all procedures are performed in front of others … without the patient’s consent and their objections don’t even matter.”
- Cost of creating privacy-aware solutions: Technology vendors often times don’t think about privacy until the end of the development process, due to the high cost of inclusion early on. “Privacy can no more be added on top of an existing system than security can,” Shah said, adding that “because it’s cheaper to leave it out, it’s often left out.”
Shah’s takeaway message from the talk was:
“It’s rare for patients to choose physicians, health systems or other care providers based on their privacy views, even when privacy violations are found and punished, it’s uncommon for patients to switch to other providers.”
Iliana Peters, a privacy specialist with the U.S. Department of Health & Human Services Office for Civil Rights, pointed out at the American Bar Association’s Health Law Section’s Annual Washington Health Law Summit last month, that all providers updating software to comply with the Meaningful Use program’s 2014 edition of certification, or upgrading for any other reason, should conduct a security risk analysis to test for vulnerabilities that may compromise patients’ electronic data.
What are your views on the security risks and have you addressed them at the time of the doctor-patient interaction? Share your experiences in the comment box below.