For over twenty-five years, health related industries have increased the use of technology hoping to make healthcare more accessible, affordable, and efficient. As early as the 1990s, medical providers have slowly migrated to electronic health records (EHRs) from traditional paper record keeping systems. With the adoption of legislation like the HITECH Act, HIPAA, and the Patient Protection and Affordable Care Act of 2010, the Federal government has supported the trend of advancing technological innovations in the realm of the health care.
With increased reliance on EHRs, the issue of patient privacy is more prevalent. Medical providers must ensure, more than ever, that electronic record keeping will not jeopardize patient privacy. Providers bear the same burden in regard to online platforms, which provide virtual medical services to consumers. Especially, in the wake of recent technological breaches, how can healthcare providers ensure that the steady trend of IT innovations in health related industries does not experience similar issues with security and breaches occurring as of late?
In a recent article in the healthcare section of InformationWeek, Alison Diana outlined several pros and cons of technological advances in healthcare over the past twenty-five years. Making the top of the ‘cons’ lists was privacy. Diana noted that although medical providers take numerous precautions and implement safety measures to prevent breaches, there are also factors that are more difficult to control that can lead to leaks. Diana specifically noted that human error and criminal activity are two factors that often contribute to privacy mishaps.
Do the benefits outweigh the downfalls?
The Office of the National Coordinator for Healthcare IT, an office within HHS, believes that healthcare IT has its benefits despite its shortcomings. Proper implementation of healthcare IT programs can lead to decreased healthcare costs, increased access to healthcare, provide various forums for patients to have access to personal medical records, and create a simplified efficient system for recording sharing amongst healthcare providers. However, some legislators feel that more can be done to ensure that privacy is in fact protected.
On September 18, 2014, Rep. Robert Hurt, R-Va. and Rep. John Barrow, D-Ga., introduced a bi-partisan bill in the House, proposing additional privacy rights for potential consumers of insurance plans pursuant to the ACA. The bill would allow individuals who do not opt-in to the Federal healthcare program to remove any personal information from the site that they provided in the application process. Currently that option is not available to potential consumers. After, a potential consumer provides his or her personal medical information on healthcare.gov, it cannot be removed even if that individual does not decide to purchase a plan. Rep. Hurt explained to Information Security Media Outlet that he was prompted to introduce the bill after a constituent expressed concern with his inability to remove his profile from Healthcare.org, which contained a myriad of personal information and health history, after deciding not to purchase healthcare from the site. Rep. Hurt explained that he had not received an explanation about the policy of keeping consumer information after contacting the Agency several times to inquire why the data was kept if insurance was not purchased. Rep. Hurt also attributes studies from the Government Accountability Office highlighting breaches to healthcare.gov as motivation to create the bill.
The bill will offer all consumers, potential and realized, increased security when using healthcare.gov, a concern that is prevalent with consumers. Having the ability to remove highly private, personal medical information from a government controlled website can help decrease the feeling that “big brother” is watching. As of yet, HHS has not taken any steps to address the concerns Rep. Hurt outlines in his bill. However, addressing the concerns raised in the bill could be beneficial for HHS to lure individuals in who may be on the fence about healthcare.gov.