Healthcare information is one of the most delicate pieces of data that is collected every day, and people are increasingly concerned about it. CIOs and healthcare providers need to ensure the best security, not only because it is the law, but because data breaches actually affect how honest a patient might be with a doctor and how quickly they will seek medical attention.
New London Consulting conducted a survey of patients in the United Kingdom, and the answers were frightening for people who care about public health issues or the spread of communicable diseases:
38.3 percent stated they have or would postpone seeking care for a sensitive medical condition due to privacy concerns. 72.9 percent of patients reported that if there were any breaches of patients’ personal information at a hospital where they had treatment; it would reduce their confidence in the quality of healthcare offered by the hospital, and nearly 1 out of 2 patients, 45.1 percent indicated they would seek care outside of their community due to privacy concerns with 37 percent indicating they would travel substantial distances, 30 miles or more, to avoid being treated at a hospital they did not trust, in order to keep sensitive information confidential.
Another important finding is that 53 percent of patients withhold information about some sensitive medical condition from their doctor and healthcare provider out of privacy concerns, and 37 percent will travel significant distances to avoid treatment in an institution they did not trust.
It is also interesting to note the differences between the UK and the US:
UK patients are almost twice as likely to withhold information from their care provider about a sensitive personal medical matter if they had a poor record of protecting patient privacy as their American counterparts... In the UK, patients indicate that they feel stronger than US citizens about the degree in which executives and top managers should be held accountable for protecting patient privacy and in the case of a breach.
Obviously, some of those "sensitive medical matters" include conditions that are seriously contagious or more dangerous if left untreated over time. As the report states:
Accurate information is the bedrock upon which physicians assess medical conditions, and hence determines the treatment patients receive. When this information is withheld or even falsified, fundamental treatment assumptions are impacted.
CIOs need to be proactive about keeping information extremely safe. It is not enough to comply with government regulations about data protection. If a data breach occurs patients are not going to check if the institution was following rules, they are going to blame their executives for allowing the breach to happen, regardless of the reasons.
If you can't be bothered to worry about the health issues, at least realize that your hospital is likely to lose customers (and therefore government aid, grants, and donations) as word gets out over breaches. Compliance isn't enough anymore, and neither is just hoping things will blow over. Your business and your patients' lives depend on you protecting their data.
@Pablo- i know what you mean, but I had a funny image of someone coming to a trauma center in a helicoptor and the doctor is asking him if it is OK to look at his records while there's a big piece of glass sticking out of his chest. :)
Well you do need confidentiality in health services related to patients records. I think eventhough there are no automation for the records right now we still have some sort of a control in confidentiality for patients records. So if we are to go for something which can be automated, the 1st thing which should be considered here is the confidentiality part of the patients record. If they cannot gurantee it, then no point in going for an automation of the health care system
@pablo- I liek the emergency rules though I can see some situations where getting two doctors into a room to sign off on it would cost precious time. Seems like just giving specia access to the ER might work better.
Much of this seems to be a societal issue. People are less likely to get help for something that related to sex such as std's, drug or alcohol addiction, or mental illness. Until we can break that barrier, some people will hide their conditions because they don't want to be judged, not even by the doctor that is there to help them.
Stepping way from technology for a moment, how can we encourage medical staff and their patients to have the kind of relationship that allows for better communication on sensitive topics?
David, - I actually believe that bit. Its never easy even going for the regular checkup because it is intrusive. Now imagine if you suffered some disease that you considered embarrassing ...it would be understandable if you tried self medication first.
"If a data breach occurs patients are not going to check if the institution was following rules"
Data breaches will occur. Institutions will not follow rules. It's as simple as that.
Patients with conditions that can threaten their jobs if known will hide the conditions as long as possible. In my experience, too many others have had sudden adverse job reviews right after medical conditions became known. CIO's won't or won't be able to do anything about it but a token effort for appearance's sake. Token efforts with big, technical sounding names and a lot of consulting fees, I might add.
I'm on record a saying I think the concept of medical privacy is silly and that not keeping secrets would actually help us get over the various social stigmas surrounding certain diseases. Perhaps that makes me American (or stupid).
But if privacy is going to be a priority, the obvious solution is to anonymize data so that it can only be attached to a name with a token from the patient. A doctor can still give orders for patient X based on charts and info (and let's face, they'll know who patient X is) and strangers getting the data won't know who to link it to.
The blogs and comments posted on EnterpriseEfficiency.com do not reflect the views of TechWeb, EnterpriseEfficiency.com, or its sponsors. EnterpriseEfficiency.com, TechWeb, and its sponsors do not assume responsibility for any comments, claims, or opinions made by authors and bloggers. They are no substitute for your own research and should not be relied upon for trading or any other purpose.
Please join us for the "IT Convergence Strategies: Why, When and How " to learn more about:
• 5 truths about infrastructure convergence today that go beyond the hype
• How to exploit the 4 phases of convergence maximum efficiency and agility
• Key milestones to plan for on the convergence journey
• Why integrated management is a critical component of convergence plans
• The importance of an open, modular approach, such as Dell’s active infrastructure, to building a converged data center
Enterprise Efficiency is looking for engaged readers to moderate the message boards on this site. Engage in high-IQ conversations with IT industry leaders; earn kudos and perks. Interested? E-mail: firstname.lastname@example.org
Dell's Efficiency Modeling Tool The major problem facing the CIO is how to measure the effectiveness of the IT department. Learn how Dell’s Efficiency Modeling Tool gives the CIO two clear, powerful numbers: Efficiency Quotient and Impact Quotient. These numbers can be transforma¬tive not only to the department, but to the entire enterprise. Read the full report
Now that TGen has broken new ground in genomic research by using Dell's storage, cloud, and high-performance computing solutions, the company discusses what will come next for it and for personalized medicine.
The Translational Genomics Research Institute wanted to save lives, but its efforts were hobbled by immense computing challenges related to collecting, processing, sharing, and storing enormous amounts of data.
There's a lot of hype about virtualization of networks, NaaS, and SDN, but there's a couple of proven applications that enterprises could adopt right now and potentially save money and improve operations.
Skype/Outlook UC integration means we're going to have competition and fragmentation of UC client architectures, but is that bad? Modern devices can support IM, email, voice, and video clients, so maybe it's the back end of UC we need to be worried about.
Workers are now used to portable device support throughout their everyday lives. We should be looking at the policy of providing fixed-desk devices to support stationary workers. Could portable support be smarter?
Input devices run the gamut, from the humble Missile Command-style trackball to advanced speech recognition. Unfortunately, these input devices can be used for evil as well as good. Case in point: mobile ads that want you to talk to them.
Enterprises want three things in storage systems: First is some speech-recognition way of capturing videoconference data for indexing; second is semantic/AI analysis of emails and IM for content indexing; third is a better system for managing hierarchical layers of storage.