Medical data: hard to get legitimately, easy to buy or hack?
As more and more medical and healthcare data gets digitized, consumers are facing conflicting trends. First, it may become more difficult for them to obtain their own records, to which they are legally entitled. Second, as wearables gather everything from EEG waveforms to biomarker data and transfer the results to cellphones and tablets, hackers may find a way to access the data illicitly, or companies could sell the data without the owner’s consent.
The significance of this latter trend has been emphasized by several recent announcements, including one by IBM to provide consumers access to genetic data through a mobile app based on Watson cloud technology, a demonstration by imec and Holst Centre of home EEG monitoring capability, and ongoing efforts by members of the Nano-Bio Technology Consortium to continuously and non-obtrusively gather biomarker data using wearable sensors and mobile devices.
Concerns about the vulnerability of such data have prompted the U.S. Federal Trade Commission to seek assurances from Apple that it will prevent sensitive health data collected by its mobile devices from being used without owners’ consent, according to Christina Farr and Diane Bartz at Reuters.
Farr and Bartz report, “Apple said it works closely with regulators around the world, including the FTC, to describe built-in data protections for its services.”
Most data stored in mobile health apps is not protected by HIPAA privacy rules, Farr and Bartz write, adding, “The FTC…concluded in a recent study that many developers share or sell health data. The study found that developers of 12 mobile health and fitness apps were sharing user information with 76 different parties, such as advertisers.”
On the other side of the coin, patients can have trouble accessing their own medical records. Elisabeth Rosenthal in the New York Times recounts the experience of a patient who had surgery and wanted his records available should he be injured during adventurous travel.
“Hospitals are computerized, and patients have a right to their own records, so I assumed getting the chart would be easy,” writes Rosenthal. “I was wrong. The six-week ordeal included requests that needed to be made via regular mail, numerous phone calls, consent forms…copying fees that totaled $100…” and an in-person visit to obtain the paper documents.
She quotes I. Glenn Cohen, a professor at Harvard Law School, as saying, “You should be able to walk into a provider’s office and say, ‘I want a copy’—you are legally entitled to that.” Unfortunately, he adds, “The medical record is held hostage. The reason is often to keep a customer or keep a patient from leaving the practice.”
Rosenthal quotes one hospital administrator as saying that part of the problem is that “…the healthcare system has one foot in the paper world and the other in the electronic world.”