Is Your Medical Data At Risk? – Part Two
As a follow-up to our previous article, “Is Your Medical Data At Risk? – Part One,” let’s analyze how technology companies outside of the medical industry can utilize personal health information.. YES HIM Consulting’s team of coding and auditing experts can help healthcare providers bridge the gap between patient data management and the growing digital storage strategies. Contact our team to discuss those options.
Google’s partnership with Ascension, dubbed “Project Nightingale,” has raised a lot of concerns over the safety of personal health information (The Wall Street Journal, 2019), especially since the tech company has already paid $170 million in fines due to violating privacy laws (The New York Times, 2019).
Representatives from Google and Ascension say the medical data will help develop software that will make suggestions for patient care. Google’s cloud platform will store the information in a private space, and it won’t combine it with any other consumer data for advertising purposes (The Wall Street Journal, 2019). But, with more technology companies entering the healthcare industry, who’s to stop them from using private medical data to affect insurance premiums, or deliver targeted ads based on health conditions?
Ascension has confirmed that the deal is in compliance with regulations for data handling, but at least a few Ascension employees working on the project have voiced concerns over Google employees downloading patient data, as well as if Google’s software that analyzes the health information complies with HIPAA, reveals internal documents (The New York Times, 2019).
Once companies and providers remove personal identifying information, known as “de-identification,” HIPAA regulations that safeguard health data no longer bind them, making it even easier for them to use the data as they choose. However, Google says their agreement with Ascension does not allow for de-identification.
What Are the Risks?
Data breaches pose another security risk to sensitive medical information, especially since they are extremely prevalent, and the healthcare sector is not immune. In 2018, 15 million patient records were breached, with that number increasing to 25 million this year, according to the Protenus Breach Barometer (Xtelligent Healthcare Media, 2019). The data breaches affected American Medical Collection Agency, Dominion National, Inmediata Health Group data breach, among others, stealing personal information, demographics, medical claims data, and more.
Google has had its fair share of data breaches and security threats. The company shut down its Google Plus service last year after uncovering a security vulnerability that may have put thousands of users at risk (Experian, 2018). A coding glitch in the program granted third-party applications access to names, emails, occupations, genders, and ages of Google Plus users without their knowledge or permission. But, the troubles didn’t stop there. User data from 52.5 million accounts were exposed after an additional bug in a Google Plus API was discovered late last year (WIRED, 2019).
We will keep a close eye on how tech companies, including Project Nightingale, are entering the healthcare sector and how they plan to use personal medical information going forward. We’ll provide updates as we learn more.
YES HIM Consulting’s team of coding and auditing experts can help healthcare providers bridge the gap between patient data management and the growing digital storage strategies. Contact our team to discuss those options.