Keeping Personal Health Information Secure
September 2, 2014
By Bettina Experton MD, MPH, Humetrix President & CEO

The recent hacking of Community Health Systems' (CHS) data repositories, exposing over 4 million patient records, reminds all of us in the Health IT industry about the many reasons patients and health care organizations worry about the security of electronic health records, and about the liability risk that comes with security breaches. While it is true that patient health records are not immune to these attacks, the current default model, where all patient information is kept in a centralized repository, makes this sensitive information far more vulnerable.

While centralized repositories of the CHS type need to be part of our HIT landscape, further web-based aggregation of sensitive patient information is ill-advised when decentralized technologies are available today to achieve the same results. For example, mobile technology allows patients to access and assemble various records on their own devices so they can review and share their medical history with providers at any point of care. This is not only more timely and conducive to interactive discussion between patient and physician, but can also help protect sensitive information.

Humetrix’s own iBlueButton app aggregates health data on the individual’s device only, where it can be securely stored with high-grade encryption. Hackers are unlikely to expend the effort to target millions of individual devices to get enough data to be valuable to them. By choosing high-quality apps that use the latest encryption technologies and aggregate health data on personal devices only, rather than on web- or cloud-based systems, consumers can help protect themselves.

Consumers should also be wary of free health or medical apps. Nothing is ever truly free, and if you’re able to download an app without paying, chances are that you are the product, and not the customer. Look at Facebook for the most common example. While we all enjoy the ability to connect with friends worldwide for free, Facebook is using our activities to help brands target consumers with amazing precision. Free health apps, other than those offered by your own health care provider or insurance company to access the specific health information they manage for you, have to rely on either advertising or the resale of users’ data to advertisers or other organizations as their business model. While these apps let you know that some or all of your information may be de-identified before being shared with third parties, re-identification of your very sensitive data is often very easy.

Consumers should look for moderately priced apps whose terms clearly state that information is never shared, and where all the data is kept only on their own devices or the devices of physicians with whom they choose to share their very sensitive personal health data. For the price of a latte or two, invest in apps that give you the tools you need to manage your healthcare without exposing the very information you want to remain private.
