By Steven Munnelly
Health care has become an increasingly large part of our lives; from the increase in the percentage of our Gross Domestic Product (GDP) we spend on it, to the periodic overhauls of our health programs, to the creation of online insurance marketplaces, or to the future of health care technology, one has to wonder: how secure is my health data?
With the recent uptick in health care identity theft, approximately 43% of reported identity thefts in 2013 were medical-related. In parallel, there has been a recent surge of technology within our health care system—people are purchasing often-subsidized insurance coverage through online insurance marketplaces using a complex information sharing tool called the Federal Data Services Hub (or, the Hub); more providers are receiving incentive payments for adopting Electronic Health Records (EHRs), and mobile applications and smartphones in daily life have made all types of personal information-including health data-far more accessible.
It is difficult to gauge how this landscape will change in the next few years. For example, my former pediatrician’s office was affiliated with a regional hospital in the Northeast. Because of an injury, I was brought to the hospital, where I registered with a triage nurse. When we were finished with all of my information, I was given a simple-looking card with the hospital’s logo on it and a chip embedded in it.
When I went for any follow-up care or visited any of the physicians affiliated with this organization, I could present them with this card and avoid any of the registration processes. Sounds great, right? Well, yes, except someone can snag this card and my ID and then have access to all of my health information. While I still appreciate it more than sitting, ankle swollen, waiting for the triage nurse to type all of my information in, it made me a bit uneasy to have everything tucked in my pocket.
More recently, we all got wind of the Amazon Prime Air drone delivery service. With access to medication, health services, and equipment being quite limited in rural areas such as Wyoming or Maine, it’s pretty easy to see how this could be adaptable to, say, medication delivery. However, how will these vehicles and other such technology be able to verify a patient is who they say they are? Biometric scanning? Self-attestation? ID barcode readers?
Our current security standards for technology place the onus on providers to adopt safeguards to ensure that patients’ Personal Health Information (PHI) and Personally Identifiable Information (PII) are “secure.” This could be separating patient/public and provider-accessed wireless networks, banning mobile connection to Wi-Fi, banning providers from removing computers and tablets from medical premises, or creating securely encrypted servers with multiple log-in steps. These can be unpopular restrictions with providers who have limited time with patients; rather than repeatedly authenticating themselves every time they step away from their computer, providers want to spend time with their patients.
It remains to be seen how our technology will evolve, and where the vulnerabilities may be. From a health policy student’s standpoint, I find this area to be increasingly relevant and intriguing as I move into the daily hustle in Washington. While there will likely never be a way to fully prevent the breach of our data, we can hope that the technology advancements that are destined to make their way to the health world also come with equal advancements in information security.
Steven Munnelly is a Master of Public Health candidate in Health Policy at the Milken Institute School of Public Health at the George Washington University. Steve serves as the Health Policy liaison to the CSPRI CIFF program, with a vested interest in how policy can influence health IT. He originally hails from Boston, MA, holds a Bachelors of Science in Health Sciences from Northeastern University, spent a summer studying comparative healthcare systems in Singapore and Bali, Indonesia, and sings acapella and jazz music in his spare time. Steve has worked for the Medicaid and CHIP Payment and Access Commission and the Centers for Medicare and Medicaid Services.
None of the information expressed in this or any posts by Steve reflect the agencies or entities for which he is affiliated; the ideas written are solely his own.