In our previous installment of this series we asked the question: Why should we care about health information privacy? We explained why health information is more sensitive than other personal information and discussed the impact of cybersecurity breaches on patients and health care organizations.
In this post we will review different types of health technologies, weigh the benefits and risks and discuss how one’s safety and privacy can be affected by exploited vulnerabilities in these technologies.
Health Technology in the Digital Era
With the accelerated development of health technologies over the past decade, both patients and providers have entered an era in which much of our information is stored, processed and transmitted digitally. Whether we like it or not, we have become more dependent on technology to access and receive care, and our providers rely on it to diagnose and deliver care.
This rapid progress has gone beyond the confines of hospitals and clinics and has moved health technology into the patients’ hands and homes. The way we communicate and access health information from the comfort of our living room has turned digital. We can use patient portals to schedule appointments and communicate with our providers or to access and share our health data with guardians and loved ones.
We carry devices on our bodies to monitor and mitigate medical conditions, or we bring our smartphones to track and share our workouts and collect our vital signs as part of our daily routines. There are mobile apps that help us monitor our sleep, manage our stress, calculate our insulin doses and remind us to take our medications.
However, a manufacturer’s rush to market or lack of concern about risks leads to products designed with functionality in mind and security and privacy as an afterthought. To the extent that security is often retrofitted to the products or services that have already been introduced on the market.
Not All Health Data Is Protected Equally
Patients and individuals who use health technologies may be unaware of how their information is collected, used or disclosed to third parties. Data privacy policies associated with these technologies are not all the same, may not be clear to the user or may even inaccurately state how personal information is used and handled. Even if some policies do address these issues, such language may be buried under pages of legal jargon or worded in such a way that makes it difficult for a layperson to understand and assess potential risks. In addition, technology companies may lack adequate controls or not implement them effectively in regard to protecting your information.
What about cybersecurity? Data leakage and hacks are an everyday concern in this day and age. Total security does not exist. Thus, any health technology could conceivably suffer from a vulnerability that could be maliciously exploited — especially if the manufacturer is not required or does not have the capability to respond or proactively address these security flaws.
Weighing the Benefits and Risks
Both medical and consumer health technologies have a promising future in improving the health and overall wellbeing of individuals. But, with the benefits come new risks to the security of these systems and the privacy of the data they hold and transmit. We must remember that we all play important roles in protecting the confidentiality of our digital health footprints, ensuring that technology is used to our benefit and cannot be used against us. The same way we protect our personal and financial information, we must care to protect our health information and the safety of the technologies we use.
Some of the best features in today’s health technologies are ease of use and portability, which in so many cases require the internet and a smartphone to enable them. Not by coincidence, mobile phones and applications have increasingly become some of the favorite targets of hackers. Why? Because a smartphone is a mini-computer with superpowers. It has a microphone that can listen to you, a camera that can see you, a GPS that can locate you and an antenna to connect from anywhere. And it contains so much of your information, including your telephone, address, emails, photos, contacts and access to bank accounts and credit cards. This is a dangerous combination if not secured properly. Essentially, the smartphone is a part of our daily lives and contains a treasure trove of information.
With health and wellness technologies (i.e., those that are not specifically designed to diagnose, cure, treat, mitigate or prevent a disease or medical condition), we as users have a greater responsibility for what we choose to use and where we deposit and share our personal and health information. These technologies may hold and transmit information that, in the wrong hands, could potentially be used to harm us in many other ways.
With different types of health technologies we have different degrees of control over what is stored and how we can protect our information. Keep your eyes peeled for our next and last installment in this series, where we will discuss what we as patients and health technology users can do to protect ourselves and our information.
Suggested further reading for those interested:
- How Safe Is Your Quantified Self?
- Internet of Things – Privacy & Security in a Connected World
- Every Step You Fake – A Comparative Analysis of Fitness Tracker Privacy and Security
- Privacy, Security and Wearable Technology
About the Authors
Members of the Healthcare Information and Management Systems Society (HIMSS) Privacy and Security Committee:
Carrie McGlaughlin, CISM, has worked two decades in health care IT and is the director of information technology and HIPAA security officer at the Buckeye Ranch, a behavior and mental health organization for youth and families.
Axel Wirth, CPHIMS, CISSP, HCISPP, is a distinguished solutions architect for the U.S. health care industry at Symantec Corporation. He provides strategic vision and technical leadership within Symantec’s health care vertical, serving in a consultative role to health care providers, industry partners and health technology professionals. Drawing from over 30 years of international experience in the industry, Mr. Wirth is supporting Symantec’s health care customers to solve their critical security, privacy, compliance and IT management challenges.
Bayardo Alvarez, CPHIMS, is the director of information technology for Boston PainCare Center, an interdisciplinary practice focusing on the treatment and research of chronic pain. His responsibilities include overseeing Boston PainCare’s cybersecurity program and compliance. Bayardo has served in the health care industry for over a decade and has over 30 years of experience in information technology. He is also a member and chair of the HIMSS Privacy and Security Committee.
Lee Kim, JD, CISSP, CIPP/US, FHIMSS is the director of privacy and security at HIMSS. In her role, she focuses on education and advocacy related initiatives involving health care information security and privacy. Lee has worked both on the technology and the legal aspects of health IT for over 10 years.
- #ChatSTC Twitter Chat: Privacy Matters – Why You Should Care and What You Can Do
- Health Technology in the Digital Era –Benefits and Risks
- #ChatSTC Twitter Chat: Happy #PrivacyAware Holidays!
- Health Information Privacy – Why Should We Care?
- #ChatSTC Twitter Chat: Protecting Critical Infrastructure from Cyber Threats
- #ChatSTC Twitter Chat: The Internet Wants You – Consider a Career in Cybersecurity
- Why Diversity Is Needed In Cybersecurity – My Unique Experience Helps Protect People
- The Higher Education CISO: A Modest Security Awareness Hero
- Today’s Predictions for Tomorrow’s Internet
- #ChatSTC Twitter Chat: Today’s Predictions for Tomorrow’s Internet