The sacred respect that doctors have for the privacy of their patients has roots that go all the way back to the Hippocratic Oath. And now that most medical information is primarily kept in digital format, the importance of medical information privacy is more hotly debated than ever.
- Thanks to new advances in “big data” technology, there are many within the medical community who are arguing that open, unrestricted sharing of patient medical information could revolutionize the way we treat diseases.
- Also, law enforcement agencies see potential value in data mining or electronic medical records, and are placing pressure on lawmakers to provide them with warrantless access to patient records in order to help them prevent crime and protect the public.
Confidentiality is one of the core duties of a medical practitioner.</p>
But why is the protection of patient privacy so important?
- Does the expectation of confidentiality actually have an effect on patient health?
- What would be the consequences for a patient if this protection were taken away?
- And how does the use of electronic medical records complicate the protection of patient privacy?
There are a number of situations where a patient might not seek treatment for serious conditions, if they felt that stigmatization, persecution, or other undesired consequences might occur. This is particularly true for things such as drug addiction, mental health issues, sexually transmitted diseases, or even terminal illness.</p>
Recently, a Canadian woman was denied entry by U.S. Customs agents because she had previously been hospitalized for clinical depression in 2012. Despite her legally-protected privacy rights, the Canadian government had made this information available to the FBI and U.S. Customs and Border Patrol.
For a salesperson who must travel abroad for meetings and conventions, seeking help for such a condition could potentially mean the end of a career.
Electronic medical records can pose particular challenges to patient confidentiality.Â Both HIPAA and PIPEDA require healthcare institutions to have policies to protect the privacy of patients’ electronic information, including procedures for computer access and security.
In 2009, the Office of US Health & Human Services reported that a shared computer used for backup was stolen from the unattended reception desk area of a California-based medical practice. The incident breached the names, dates of birth, and clinical information of over 5,000 patients.
Comingling of data can also increase the damage caused by data breaches, since 87 percent of all Americans could be uniquely identified using only three bits of information: ZIP code, birthdate, and sex.
For example, The Massachusetts Group Insurance Commission released anonymized data on state employees that showed every single hospital visit. A researcher combined this data with other data sources, and was able to link these patient records to their associated names, addresses and social security numbers.
So how can medical professionals more adequately protect the confidentiality of their electronic patient data?
2 of the leading causes of privacy breaches are human error, and unauthorized access to storage media such as backups.
Although trust is important, limiting access and implementing proper controls can help. However, the technological aspect of privacy protection can be particularly challenging for smaller medical practices that might not have access to in-house IT security expertise.
Today, many small practices still perform daily unencrypted backups that are kept in the office or at physically insecure off-site locations. A single theft or break-in could cause considerable harm to many patients, and expose the medical practice to legal liability.
Outsourcing backups to a HIPAA or PIPEDA compliant cloud backup provider can help simplify the backup process while greatly improving overall privacy protection.
With cloud data protection, backups can be securely encrypted and sent off-site to a physically secure datacenter. And the whole process can completely automated.
As we’ve seen, protecting patient confidentiality is an important part of providing effective healthcare services. And for medical practitioners who care about their privacy protection obligations, secure, compliant cloud data protection services can be a great, cost-effective way to preserve patient information for the long-term, while also ensuring that this data is safe from unauthorized access or other privacy breaches.