Why patients worry about cybersecurity and patient-generated data
Patient-generated health data (PGHD), from wearables and other remote devices, represents an exciting opportunity to more deeply engage patients and families in care and offer robust data streams of objective information to better guide treatment plans. Yet, federal health IT experts note, one big factor that stands in the way of advancement on this front are fears about the cybersecurity of this sensitive information.
The Office of the National Coordinator for Health IT (ONC) has released a white paper that outlined some of the opportunities, challenges and security concerns that PGHD add to the digital health picture.
Security and privacy protections applied to PGHD are “uneven and do not establish a consistent legal and regulatory framework,” according to the ONC report, “Conceptualizing a Data Infrastructure for the Capture, Use, and Sharing of Patient-Generated Health Data in Care Delivery and Research through 2024.”
Like all data, PGHD “may be at risk for security breaches that could affect the integrity of the data and expose the data to access for malicious purposes because they are not subject to the same security regulatory framework as HIPAA-regulated entities. Concerns include insecure points of data collection and insecure data movement that potentially expose the device or the clinician’s information system to pollutants, such as malware,” the ONC report stated. “There is growing potential for risks related to unauthorized access, including cyber threats.”
The AMA participates in the Health and Human Services Health Sector Coordinating Council (HSSC) that recently released a four-volume publication offering practical cybersecurity guidelines for small, medium and large health care organizations for focusing on major threats, identifying vulnerabilities, and prioritizing resources. It also provides resources and templates that can be customized for an individual practice or organization’s use.
Another security concern cited by the ONC is the privacy risk of reidentifying deidentified data as it is collected and integrated from a variety of different sources. ONC, however, also identified several opportunities that PGHD provides for improving health.
According to the ONC, patient-generated health data:
- Empowers patients to capture, use and share PGHD to better manage their health and to participate in their care.
- Shows a more holistic picture of a patient’s health over time, “increases visibility into a patient’s adherence” to a treatment plan, and enables timely interventions.
- Strengthens the patient-physician relationship by facilitating the creation of an individualized care plan and fostering shared decision-making.
- Provides researchers access to a larger pool of data.
Aside from the big cybersecurity concern, the ONC noted other challenges. Among them:
- Practices may lack the technical infrastructure and workforce capacity to integrate PGHD into functional workflows.
- Evidence demonstrating clinical benefit of PGHD “is still limited and inconclusive.”
- There are liability concerns about using potentially inaccurate PGHD in clinical decisions or if PGHD is not acted on or reviewed.
- The lack of technical standards limits secondary research and clinical trial uses for PGHD.
The ONC also identified technical challenges patients face:
- As of 2016, 34 million Americans still lacked access to broadband internet.
- 36 percent of Americans do not own a smartphone.
- Use or ownership of smartphones could be challenged by a patient’s low income, cognitive or physical impairments, or language barriers.
EHRs purchased or upgraded in 2019 will include the capability to capture PGHD. Physicians should ask their EHR vendors to provide comprehensive education on this new feature. EHR vendors should provide best practices on the use, security and integration of PGHD into physicians’ workflows.
Patients may also be distrustful about how their information will be used. The ONC cited a survey conducted by the patient information-sharing website PatientsLikeMe which found that, among patients with an existing medical condition, 72 percent believe data from personal health records can be used to deny them health benefits, while 68 percent felt they could be denied job opportunities.
Original report can be found on AMA.
What’s the Difference Between Hackers, Malware, and Data Breaches?June 13, 2019
Federal cybersecurity agency on the way?May 31, 2019
11 Tips For Boosting Cybersecurity When You Have Remote WorkersMay 31, 2019
Cyber hacks up 20% in 2018, cybersecurity panelists talk about better passwords, systemsMay 31, 2019
Ransomware Cyberattacks Knock Baltimore’s City Services OfflineMay 22, 2019