Health Data In-Security with Louis Libin

In health care the push for electronic medical records has caused a variety of changes some good, like one stop access to a patients’ complete file, thereby streamlining care and some pretty lousy, like doctors focusing more on their keyboard, new software and a variety of new apps and less on their patients. All of the many doctors and patients we have spoken with rue this latter aspect but the doctors rationalize it by saying that they are stuck with it. Nevertheless, there are more sensitive and dangerous concerns posed by the new technology as it is being applied to health care specifically and quality of life in general.

It is a fact: Technology and health care are now permanently mated and the long-term outlook is equivocal. Take for example the slow but steady shift toward Teletherapy and Telehealth. Using these techie techniques allows doctors and therapists to stay in constant touch with their patients. Medical monitoring and therapy via Skype or Facetime or other similar programs to connect with the frail elderly and shut-ins is helpful and has been shown to be highly beneficial for people who cannot get out to their doctors. There is however, an array of questionable even adverse side effects.

Teletherapy creates a superficial relationship. While you can see a person’s face using a Skype type connection this is only a digitized relationship not a real face-to-face one. In these computerized sessions, distractions abound and may range from computer glitches and delays, to clients checking their E-mail, taking a food break, or watching television while in the Teletherapy session. Until Teletherapy becomes legal beyond the constraints of boundaries and local licensing regulations therapists conducting these types of sessions are creatively calling them coaching, an unlicensed form of counseling, to circumvent the legal and ethical issues.

Telehealth sessions can be eavesdropped and there is some serious debate regarding how confidentiality can be assured given the ease of hacking. Most devices used in health care are easy to crack because the technology is ubiquitous and easily bypassed using simple technology.  The “bring your own device” approach which allows health care workers or individual institutions to select the digital devices they wish to use is a security nightmare for hospitals and health care providers. All devices are more than just tape recorders. They can broadcast a patient’s health information which includes doctors’ notes, lab results and operation outcomes and may provide deeper access to larger networks of private information. There is serious concern that heart monitoring devices, diabetes pumps and other medical equipment can be easily hacked and their functioning disrupted using simple and widely available software programs.

Patient apps are also an area of concern. Recently the American Medical Association issued a warning to its members in the newspaper American Medical News, about recommending health related apps to their patients. Many apps are not compliant with standards for confidentiality and may be easily hacked or just data recorded. Some apps report every key stroke a patient enters not just to their doctor but also to the company that created the app. If the doctor recommends an app that does this or one that may be easily hacked the doctor may be considered complicit in violating privacy regulations.

Health care billing also mandated to be secured is exchanged across a variety of networks. There is no possible method available at this point to secure this entire process or even make it simpler or transparent. Billing entities are forever adopting new policies and changing forms, quality assurance information remains open, business associates are expected to comply with confidentiality regulations but despite a recent violation ruling in the U.S. in which Affinity Health Plan, Inc. agreed to pay a $1.2 million settlement for not wiping patient data on leased photocopiers clean there is very little if any policing or enforcement. The real issue though, is that it may be impossible to completely “wipe clean” data once it has been stored on a chip. And of course, familiarity with systems causes blind spots. Compare this with the simple fact that a data services hub mandated for example by the new U.S. Affordable Care Act will be used to connect state health insurance exchanges with federal agencies. This simple requirement poses a more significant threat to privacy and security and may be a greater violation of privacy than anything else. It is also unclear how personal data regarding someone receiving medical care abroad will be channeled. Further, in an emergency there is no assurance of privacy everything is wide open and all data is accessible.

Last week, completely by accident, a radiology report was sent to one of our (LL) technology company’s fax number. It included all of the patient’s pertinent medical data, date of birth, social security number along with a diagnosis and recommendations for follow up. The reading appears to have been done in India. Accidents occur but must all personal information be required with each transmission of data? 

The potential value of stolen health information is astronomical yet access to a patient’s private information via their record or their health care device is increasing. Attempts to secure digital networks are at best tenuous. In the end technology is here to stay but we will have to determine the cost versus benefits of an interactive digital system and privacy issues and answer questions like – just how safe is the data? How productive or distracting is it? How is it being used for and/or against us? And, does it just create more screens between us?


About the Author
Dr Michael Salamon ,a fellow of the American Psychological Association, is a 2018 APA Presidential Citation Awardee for his 'transformative work in raising awareness of the prevention and treatment of childhood sexual abuse". He is the founder and director of ADC Psychological Services in New York and the author of numerous articles, several psychological tests and books including "The Shidduch Crisis: Causes and Cures" (Urim Publications) and "Every Pot Has a Cover" (University Press of America). His newest book is called "Abuse in the Jewish Community: Religious and Communal Factors that Undermine the Apprehension of Offenders and the Treatment of Victims."