Is Your Medical Data At Risk? – Part One
Not much stays private in today’s increasingly digital world, and it seems even ultra-sensitive medical records may be at risk. Google just announced a partnership with Ascension, the country’s second-largest hospital system, that will allow the tech giant to store and analyze millions of medical records to improve healthcare services. Ultimately, Google will have access to full names, birth dates, illnesses, and treatments of Ascension’s patients (The New York Times, 2019).
The eye-opening announcement led many to wonder how this partnership will comply with the regulations enforced under HIPAA. HIPAA, the Health Insurance Portability and Accountability Act, was enacted to protect patients’ confidential medical histories and prevent any mishandling of information. Healthcare providers, insurance companies, and clearinghouses must abide by these laws. Individuals and organizations that do business on behalf of a medical provider are required to follow these privacy laws under a business associates agreement, according to the U.S. Department of Health & Human Services.
Although HIPAA has been amended to include regulations for the safeguarding and sharing of information digitally as new systems have entered the scene, the regulations are outpaced by technology and do not provide protections for what’s to come. Furthermore, HIPAA does not apply if the patient willingly shares his or her personal information with an organization or application, which is why several consumer-facing companies have been able to get away without signing a business associates agreement.
For example, Apple made it easier for patients to receive health information via iPhone by establishing an encrypted connection between the patient and provider, but Apple will not have access to these confidential records. Facebook created a healthcare tool that reminds consumers to set checkup appointments or tests. Fitness trackers, such as Fitbit, monitor heart rates, sleep cycles, food intake, and activity, and share that information with a user’s smartphone or computer.
The introduction of technology and data analysis in the healthcare realm is not new. Insights from machine learning are already utilized to provide better care in hospitals and clinics. Stanford University’s Center for Biomedical Informatics Research shares some of the insights they’ve discovered by studying 200 million health records of patients in their hospital system and outside sources (The Wall Street Journal, 2019). Their algorithms have been able to predict which patients are most likely to die within a three- to 12-month period, as well as compare patients’ data and blood work to make recommendations for certain checkups and treatments.
In a previous article on our blog, YES HIM Consulting explored how healthcare providers are continuously refining and developing their processes by implementing digital project management systems to improve patient care, reduce costs and elevate the patient’s overall experience and satisfaction. There’s no doubt that technology has improved healthcare services and made the entire experience easier for both patients and providers.
But when sensitive medical information is shared with companies that don’t fall under HIPAA’s protection, what are the risks? How will this data be used? Stay tuned for Part 2.