The Optimal Approach to Safeguarding Health Data
Written on
Health information encompasses any data related to an individual’s health status or disabilities. This can include symptoms, diagnoses, treatment plans, research, clinical trials, billing details, and discharge instructions.
Typically, health information includes personally identifiable details like name, date of birth, social security number, and address. It’s critical to remember that these identifiers can be obscured when sharing patient information for research or reimbursement purposes, as allowed under HIPAA (Health Insurance Portability and Accountability Act of 1996).
Back in 1996, when health information technology was still emerging, HIPAA was simpler to implement. Most health records were maintained on paper, making it easier to protect patient identities against theft or physical breaches.
In contrast, today’s advancements in information management and data analytics have rendered traditional HIPAA protections inadequate. Advanced AI-driven ransomware and malware can penetrate even the most secure medical data, linking health information to individuals despite any attempts at obfuscation.
Today, health information is treated as a valuable asset. In a competitive healthcare environment, everything recorded in patient files—from vital signs to treatment decisions—has financial implications.
Patients can face various negative consequences if their health data is improperly accessed. For example, if an employer learns that a job candidate struggles with mental health issues, they might opt for another applicant. Furthermore, companies may pay significant sums for such sensitive information.
Regardless of the motivations behind data access, it’s evident that health information is increasingly commodified, with corporations trading it in the cloud.
According to reports, United Health, a major global health insurer, generated $4.1 billion in profits from patient data in the fourth quarter of 2021, matching the combined earnings of its competitors.
The existing cybersecurity measures to protect health data are often insufficient. There is a plethora of articles and strategies available for defending against cyberattacks, yet the legal definitions of permissible access seem outdated.
While traditional cybersecurity practices—such as encrypting databases, employing strong passwords, and implementing firewalls—are necessary, they are becoming obsolete in the face of modern data management challenges.
“Amid recent ‘pseudo-GOLD RUSH’ boosts in data mining schemes, Artificial neural networks technologies, and discriminately validated Artificial intelligence endeavors by breadwinners of the 21st-century pirates; it deserves even more fundamental comprehension that anonymizing personal identity in virtue of ‘De-identification of personal information’ to secure data privacy is nothing but a circumstance of the feebleminded sentiment.” — Adam Tabriz, MD
The transition from paper records to digital systems should have prioritized “Data and Information Accessibility,” but unfortunately, this fundamental aspect has diminished.
While health records were once securely stored in filing cabinets, accessible only to authorized medical personnel, the shift to centralized corporate data silos has altered this dynamic. Now, medical facilities frequently rely on third-party corporations for access to patient information.
Currently, data access control is fragmented, reliant on multiple stakeholders, while data itself remains centralized. Coupled with outdated HIPAA regulations and the rise of sophisticated cybercriminals, it’s clear that patients and healthcare providers must reclaim control over their data.
Managing digitally stored data differs significantly from overseeing physical filing systems, and the security measures required to protect digital files are distinct from those for physical records.
Decentralizing health information ledgers could significantly reduce the risk of unauthorized access. To illustrate this, consider two scenarios:
Scenario-One: A bank holds a million dollars in cash on-site. A robber must evaluate the risks involved in targeting that bank, such as potential arrest and imprisonment.
Scenario-Two: Imagine that same million dollars is divided into one million individual dollar bills, each in a different person's pocket. In this case, the robber would have to access one million pockets simultaneously, making it a far more challenging and riskier endeavor.
This analogy highlights that decentralizing health data systems is a safer approach, akin to the second scenario.
Utilizing blockchain technology could empower patients by allowing them to control their health information, thereby expediting data access, reducing liability, and enhancing security.
Currently, third-party corporations have unfettered access to patient data, leading to issues regarding access, security, privacy, and the monetization of information that doesn’t rightfully belong to them. While corporations can track and trade health data, the true stakeholders—patients and healthcare providers—are often excluded from the equation.
This external access not only jeopardizes patient data security but also heightens vulnerability to cyberattacks.
Data breaches are financially devastating for healthcare organizations and patients alike, with an estimated cost of $380 per affected record. Thus, ensuring the security of electronic health records (EHRs) and protecting patient data remains a top priority in healthcare.
Blockchain technology addresses the accessibility issue by allowing individuals to control their own data, mirroring the safer second scenario previously described.
Patient data would still be encrypted and subject to security protocols akin to centralized systems, but it would reside in a distributed network that no single entity controls.
Empowering patients to manage their health information would also enable them to control who can access it and define the permissions regarding its use.
A blockchain framework would facilitate secure sharing of health data, enhancing data security and minimizing liabilities associated with breaches in centralized systems. Moreover, it would restore data ownership to its rightful creators—patients and healthcare professionals.
Robust blockchain ledger systems are emerging, offering enhanced security features that ensure secure data sharing while promoting collaboration among users.
In conclusion, it is important to remember:
“The decentralized essence of Blockchain will reduce extortion and legalized kickback by eliminating emissaries and empowering you; the vulnerable citizen — thus will play a pivotal role in its triumph and so yours! — That is precisely why it will be embraced by many, despised by few, and espoused as the means of permanence by others.” — Adam Tabriz, MD