Upcoming data breaches, and their impact on healthcare
Over the past few decades, as the healthcare delivery system has become inundated with technology and the introduction of electronic medical records (EMR), the risk of data breaches has threatened the nation.
The upward trend of the amount of information exposed is staggering. There were 4,419 healthcare data breaches of 500 or more records reported to the HHS Office for Civil Rights between 2009 and 2021. These breaches have resulted in the loss, theft, exposure, or impermissible disclosure of 314,063,186 healthcare records, equating to more than 94.63% of the 2021 population of the United States.
Over 300 million healthcare records!
Healthcare data breaches can be defined as “illegitimate access or disclosure of the protected health information that compromises the privacy and security of it.” They’re usually classified into two big categories: internal and external. Internal breaches are related to abusing privilege, improper access or disposal of information, loss or theft, or sharing confidential information with a third party which could be intentional or unintentional. External disclosures are from outside entities that are hacking or IT incidents such as malware attacks, ransomware, phishing, spyware, or any type of fraud.
Leading types of disclosure for breached protected healthcare information were found to be:
Hacking incidents
Theft or loss of information frequently through lost or stolen portable devices such as laptops or cell phones
Unauthorized access (internal)
Improper disposal of unnecessary data
As organizations, companies, and government agencies struggle to develop new strategies to battle the theft and loss of valuable private information, new concerns arise in this decade. Many countries do not have data privacy laws in place to protect constituents from the use of protected information.
Health apps routinely share sensitive consumer data with third parties including social media firms, data brokers, and advertisers, according to a 2019 study from the British Medical Journal. This study highlighted these concerns among top-rated medical apps used in the United Kingdom, United States, Canada, and Australia. The results were shocking: 79% of these health and medical apps shared user information.
The recent ruling on Roe v. Wade has sparked new concerns about this wave of internet theft and tracking. Discussion and information sought on abortion topics are gaining momentum and fuelling the global debate regarding the safety of mobile health apps, some of which are used to track fertility. With changes to regulations regarding abortions, many women are left scouring the internet for information on abortion and alternative choices.
Some have a growing fear of information being linked directly to them and intruding into their digital footprint and even resulting in legal repercussions. This is one example of a multitude of safety concerns of personal and private health information being unknowingly shared.
All of this points to a larger issue of how personal health information (PHI) and internet security have converged, and how this can and should be regulated. There has been much discussion among government leaders as to how this growing concern should be addressed.
There is no single law regulating online privacy, but rather a patchwork of federal and state laws that hold a lot of gray areas that can be left for interpretation. A measured approach of both government regulations and responsible practices among healthcare organizations may be the most successful way to thwart and protect against healthcare data breaches.