A couple of months ago, I was invited to speak at the ministry of health in Jerusalem. After I spoke, I was invited back speak with a senior member of the department. My initial understanding was that would be discussing potential areas where the company I was working for could interact with data from the ministry. Instead I was asked a whole series of questions about the way in which privacy was protected by the software I had written for the company. At one point, I made the comment that one could learn a great deal more about someone if they had access to their credit card information, in comparison to their medical record. Nevertheless, no one in the general community seemed to be concerned that their bank accounts or credit cards were being exposed. As is actually quite fascinating given that there had been some recent major breaches in security and privacy, on the scale of millions of people in the US. So when it comes to money, people do not seem to be moved even when breaches are large-scale and happen often. But when it comes to medical care, there is this paranoia that someone will discover that an individual is taking medication for their high blood pressure.
In any case, I was told by this ministry of health representative that I was wrong. She was quite insistent on the fact that privacy was far more an issue in healthcare. I reiterated that people might be falsely led to think that exposure other medical information could ruin them, but in fact if one has access to their financial information, then the potential damage is far greater. At that moment, I was told by the ministry of health representative that she was one of the people responsible for privacy and security. To be honest, I was shocked.
This article from the New York Times details how our financial activity describes us in great detail. While direct access to our credit cards may be off-limits, sales information from various stores is not. Companies that specialize in collecting this information and then redistributing it to various clients, can paint a very complete picture of millions of people. There are stories that have even made it to the newspaper where underage women were automatically assumed to be pregnant by computer systems that analyze this purchasing information. The fathers of these young women did not find this false conclusion at all humorous.
This article should be required reading by everyone. It reminds the general public that it is effectively an open book. Trying to go back in time and restore us to a world where our activities are not subject to review is of course never going to happen.
There is something that can come in place of this pervasive intrusion into our “personal lives”. what we need to do is to formalize our relationship with the Internet. We need to be able to wrap all of our personal data in an envelope of security that is respected by, at least, legitimate businesses. When our personal data is pinged, i.e. someone actively tries to access it, we should be informed and asked if we agree. In practice, we should almost always agree. Why ? Because as long as companies know that they can access information that makes them more successful and more profitable, they will not spend the money for other companies to troll around in order to discover everything about us. For information that we truly consider private, we would have the option to block access to it. But for anything else, we would find that we benefit from this openness. Companies would offer us directed advertising that we actually want to see. We would get offers for savings on products that we actually use. And, as noted in this New York Times article, our health may be better protected if we share our financial information. Trends in our behavior might indicate pending disease that we ourselves have not noticed. For example, if our purchasing in the local pharmacy drops off, this might be because we are leaving the house less often. And we are leaving the house less often, because our congestive heart failure is acting up and we are more short of breath even during the short walk to the local pharmacy. In such a scenario, our family Dr. might be warned of the fact, that we have become significantly less active. In the end, we would receive a phone call to come in to the office and to have our heart checked. This type of “intrusion” could save lives.
For anyone who deals with patients, or services for patients, it is critical that this point be made again and again. It is to everyone’s benefit, if we truly understand the value and the appropriateness of privacy online. Considering how many people, including baby boomers, share very personal information on sites like Facebook, it may very well be that there will be no increased exposure even if we formally allow companies to access information about us. The ultimate difference will be whether we benefit as much from the data about us.
This is my first blog post on this topic of technology and healthcare. I hope to write entries to this blog on a regular basis, and I definitely welcome comments whether in support of my view or challenging it.
Just a note about my personal background. I am a physician who studied computer science before my MD. For 11 years, I actively worked as a physician while developing and implementing a computerized medical record that is still in use by the company I was previously employed at. The software I wrote went through countless versions, constantly improving and adding features as specifically requested by the users. While developing the software, I learned about digital radiology i.e. computerized x-rays and ultrasounds and more. I built a web-based interface for the data in the system so that doctors and patients could access appropriate medical records. All of the standardized security and privacy features were implemented. What I learned during this time is that technology can be incredibly confusing and daunting, if for no other reason because it changes so often and so dramatically. And I started writing the system, the idea of the majority of people carrying smart phones was a dream. Halfway through the years I worked on the system, I developed multiple tools geared towards access on a smart phone. This is the reality of all technology. You must be ready to change features and add features with minimal warning. My combined medical and technology training allowed me to see things differently than many others. I could imagine a feature that I wanted as a physician, and on my own add that feature to the benefit of myself and all other doctors who used the system. Now, as a private consultant, I’m looking to share what I’ve learned with others.
Thanks for listening