As Amount of Digital Health Data Rises, So Does Risk

Share it on Twitter  
Share it on Facebook  
Share it on Linked in  

All the talk about health care in the news reminded me that I had to schedule an appointment with my doctor. Rather than call the office, I went to a Web site where not only can I take care of scheduling, I can also check out test results from the past few years. With a few mouse clicks, I'm able to check what my cholesterol was in 2007 and see when I last had my blood sugar tested. If I have to see someone other than my primary care physician, that doctor (or nurse) is able to read my entire health history online. The communication between me and my doctor between me and my doctor or between my doctor and other physicans has noticably improved the ability to solve health-related issues.


However, the more health data goes digital, the more concerns arise regarding security. As a Computerworld article noted, the Department of Health and Human Services (HHS) set a deadline of 2015 for all health facilities to use electronic record keeping. Author Lucas Mearian wrote:


According to research firm IDC, about a quarter of all Americans -- 77 million people -- already have an EHR, up from 14% from in 2009. By 2015, IDC expects that figure to rise to 60%, spurred in large part by the Health Information Technology for Economic and Clinical Health (HITECH) Act. That measure, approved by Congress last year, included $19 billion in incentives for health care organizations to adopt EHRs.


Industry experts estimate that the amount of personal health data kept online measures in the terabytes -- and will grow to petabytes of data over the next four years.


With the increase of digital patient data, there comes a corollating increase in records kept on mobile storage devices. The American Medical News reported that only 39 percent of health care organizations require encryption on data stored in mobile devices, despite the recommendation of security experts. As the article's writer, Pamela Lewis Dolan, stated:


Just having your phone drop out of your pocket could launch a time-consuming and expensive nightmare of reconstructing data and adhering to fixes mandated under the Health Insurance Portability and Accountability Act.


Encrypting the data can eliminate the HIPAA obligation to notify patients of a lost device, under a provision that allows an exception if the data cannot be accessed.