Healthcare information is one of the most delicate pieces of data that is collected every day, and people are increasingly concerned about it. CIOs and healthcare providers need to ensure the best security, not only because it is the law, but because data breaches actually affect how honest a patient might be with a doctor and how quickly they will seek medical attention.
New London Consulting conducted a survey of patients in the United Kingdom, and the answers were frightening for people who care about public health issues or the spread of communicable diseases:
38.3 percent stated they have or would postpone seeking care for a sensitive medical condition due to privacy concerns. 72.9 percent of patients reported that if there were any breaches of patients’ personal information at a hospital where they had treatment; it would reduce their confidence in the quality of healthcare offered by the hospital, and nearly 1 out of 2 patients, 45.1 percent indicated they would seek care outside of their community due to privacy concerns with 37 percent indicating they would travel substantial distances, 30 miles or more, to avoid being treated at a hospital they did not trust, in order to keep sensitive information confidential.
Another important finding is that 53 percent of patients withhold information about some sensitive medical condition from their doctor and healthcare provider out of privacy concerns, and 37 percent will travel significant distances to avoid treatment in an institution they did not trust.
It is also interesting to note the differences between the UK and the US:
UK patients are almost twice as likely to withhold information from their care provider about a sensitive personal medical matter if they had a poor record of protecting patient privacy as their American counterparts... In the UK, patients indicate that they feel stronger than US citizens about the degree in which executives and top managers should be held accountable for protecting patient privacy and in the case of a breach.
Obviously, some of those "sensitive medical matters" include conditions that are seriously contagious or more dangerous if left untreated over time. As the report states:
Accurate information is the bedrock upon which physicians assess medical conditions, and hence determines the treatment patients receive. When this information is withheld or even falsified, fundamental treatment assumptions are impacted.
CIOs need to be proactive about keeping information extremely safe. It is not enough to comply with government regulations about data protection. If a data breach occurs patients are not going to check if the institution was following rules, they are going to blame their executives for allowing the breach to happen, regardless of the reasons.
If you can't be bothered to worry about the health issues, at least realize that your hospital is likely to lose customers (and therefore government aid, grants, and donations) as word gets out over breaches. Compliance isn't enough anymore, and neither is just hoping things will blow over. Your business and your patients' lives depend on you protecting their data.
@Pablo- i know what you mean, but I had a funny image of someone coming to a trauma center in a helicoptor and the doctor is asking him if it is OK to look at his records while there's a big piece of glass sticking out of his chest. :)
Well you do need confidentiality in health services related to patients records. I think eventhough there are no automation for the records right now we still have some sort of a control in confidentiality for patients records. So if we are to go for something which can be automated, the 1st thing which should be considered here is the confidentiality part of the patients record. If they cannot gurantee it, then no point in going for an automation of the health care system
@pablo- I liek the emergency rules though I can see some situations where getting two doctors into a room to sign off on it would cost precious time. Seems like just giving specia access to the ER might work better.
Much of this seems to be a societal issue. People are less likely to get help for something that related to sex such as std's, drug or alcohol addiction, or mental illness. Until we can break that barrier, some people will hide their conditions because they don't want to be judged, not even by the doctor that is there to help them.
Stepping way from technology for a moment, how can we encourage medical staff and their patients to have the kind of relationship that allows for better communication on sensitive topics?
David, - I actually believe that bit. Its never easy even going for the regular checkup because it is intrusive. Now imagine if you suffered some disease that you considered embarrassing ...it would be understandable if you tried self medication first.
"If a data breach occurs patients are not going to check if the institution was following rules"
Data breaches will occur. Institutions will not follow rules. It's as simple as that.
Patients with conditions that can threaten their jobs if known will hide the conditions as long as possible. In my experience, too many others have had sudden adverse job reviews right after medical conditions became known. CIO's won't or won't be able to do anything about it but a token effort for appearance's sake. Token efforts with big, technical sounding names and a lot of consulting fees, I might add.
I'm on record a saying I think the concept of medical privacy is silly and that not keeping secrets would actually help us get over the various social stigmas surrounding certain diseases. Perhaps that makes me American (or stupid).
But if privacy is going to be a priority, the obvious solution is to anonymize data so that it can only be attached to a name with a token from the patient. A doctor can still give orders for patient X based on charts and info (and let's face, they'll know who patient X is) and strangers getting the data won't know who to link it to.
The blogs and comments posted on EnterpriseEfficiency.com do not reflect the views of TechWeb, EnterpriseEfficiency.com, or its sponsors. EnterpriseEfficiency.com, TechWeb, and its sponsors do not assume responsibility for any comments, claims, or opinions made by authors and bloggers. They are no substitute for your own research and should not be relied upon for trading or any other purpose.
4/29/2014 - Join Dell and Intel for an interactive discussion about implementing, refining and improving your virtual environment. Specifically we’ll discuss pain points virtualization can solve and those that it can create and how to prevent them.
Enterprise Efficiency is looking for engaged readers to moderate the message boards on this site. Engage in high-IQ conversations with IT industry leaders; earn kudos and perks. Interested? E-mail: email@example.com
Dell's Efficiency Modeling Tool The major problem facing the CIO is how to measure the effectiveness of the IT department. Learn how Dell’s Efficiency Modeling Tool gives the CIO two clear, powerful numbers: Efficiency Quotient and Impact Quotient. These numbers can be transforma¬tive not only to the department, but to the entire enterprise. Read the full report
Now that TGen has broken new ground in genomic research by using Dell's storage, cloud, and high-performance computing solutions, the company discusses what will come next for it and for personalized medicine.
The Translational Genomics Research Institute wanted to save lives, but its efforts were hobbled by immense computing challenges related to collecting, processing, sharing, and storing enormous amounts of data.
Office and personal productivity tools come in a first-class and coach flavor set, but what makes the difference is primarily little things that most users won't encounter. What's the big issue in using something other than Office, and can you get around it?
We really don't want an "Internet of Everything" but even building an Internet of Everythinguseful means setting some ground rules to insure there's value in the process and that costs and risks are minimized.
Google's Chrome OS has a lot of potential value and a lot of recent press, but it still needs something to make it more than a thin client. It needs cloud integration, it needs extended APIs via web services, and it needs to suck it up and support a hard drive.
On a recent African trip I saw examples of the value of the cloud in developing nations, for educational and community development programs. We could build on this, but not only in developing economies, because these same programs are often under-supported even in first-world countries.
VMware's debate with Cisco on SDN might finally create a fusion between an SDN view that's all about software and another that's all about network equipment. That would be good for every enterprise considering the cloud and SDN.
Wearing a bulky, oversized watch is good training for the next phase in wristwatches: the Internet-enabled, connected watch. Why the smartphone-tethered connected watch makes sense, plus Ivan demos an entirely new concept for the "smart watch."
Cloud storage costs are determined primarily by the rate at which files are changed and the possibility of concurrent access/update. If you can structure your storage use to optimize these factors you can cut costs, perhaps to zero.
The Internet has evolved into a machine for drumming up a chorus of "Happy Birthday" messages, from family, friends, friends of friends who you added on Facebook, random people that you circled on G+, and increasingly, automated bots. Enough already.