It is easy to take for granted the incredible transformations in the last two decades in how we communicate, share and store information and use technology. We have moved from high-speed Ethernet connections to wireless communications, from desktop to laptop to handheld devices, from email to texting, from personal listings to large social networks — all at remarkable speed.
The life sciences and medicine are part of this transformation. Hospitals are rapidly moving from paper to electronic medical records, and many health delivery systems give patients electronic access to their medical records and lab results. Physicians and other health-care providers can communicate with patients or review hospital records from anywhere in the world. Meanwhile, larger and larger databases are being constructed for the millions of pieces of data that comprise our genomes and other molecular profiles, and techniques are being invented to analyze and monitor these data.
These are exciting times, but they’re not without danger. Amassing medical information in digital form has created the potential for security breaches with serious repercussions for individual privacy, personal security and insurability, along with enormous consequences for health-care providers and systems. The federal Health Insurance Portability and Accountability Act sets clear standards for protecting patient privacy, and it fines violators.
Yet truly safeguarding patient information has proved elusive. The Department of Health and Human Services reports 435 breaches of health privacy and security affecting more than 500 individuals since 2009 — amounting to over 20 million patients. The majority of the breaches involve electronic sources, not paper. And of the electronic source breaches, just over 60 percent involved a laptop or other portable electronic device. Like many medical institutions across the country, we have faced our own privacy breaches, and we’re instituting a rigorous internal program to protect patient records.
It’s worth considering what the loss of medical privacy means for an ordinary person. One outcome can be medical identity theft — the use of your name and Social Security or Medicare numbers to obtain medical care, buy drugs or submit fake billings to Medicare in your name. Aside from the disruption to your life and damage to your credit rating, such an act can be life-threatening if it leads to incorrect information appearing in your medical record. According to a study conducted last year by the Ponemon Institute, identity theft has affected about 1.5 million Americans. More fundamentally, privacy breaches further harm the trust between physician and patient.
Those of us in the medical profession need to recognize the seriousness of our responsibility. Perhaps most important is to encrypt all sensitive data stored on your laptop, smartphone or portable storage device. Never leave the device unattended (even for a moment) in a public space, especially a coffee shop, an airport bathroom or a speaker’s podium. Devices left in automobiles, even in the trunk, are particularly vulnerable. And finally, unless absolutely necessary, never store sensitive information on a portable storage device in the first place.
The brave new world of data that we’ve entered will provide solutions to some of our most serious health issues. But like any change, benefits coexist with drawbacks. We must vigorously work to ensure that the data deluge contributes to the betterment of humankind, not its detriment.
Philip A. Pizzo, MD
Stanford University School of Medicine
Carl and Elizabeth Naumann Professor, Pediatrics, Microbiology and Immunology