With healthcare data breaches in the news just about every day, the timing could not have been better for last week’s webinar conversation “Unpacking the State of Patient Privacy: A Survey of American Consumers.”
The slate of health policy, law, and technology experts used the findings of Health Gorilla’s State of Patient Privacy Report as a starting point for a wider discussion regarding patient concerns about health data exchange, security and privacy of health data, and the benefits and risks of sharing data.
“Healthcare seems to be abuzz with some thrilling topics like generative AI,” said moderator Annie Burky, a reporter for Fierce Healthcare. “But for every one of those conversations, it seems to me there are just as many happening in hushed tones around cybersecurity.”
“Many experts now say that data breaches have gone from a matter of if to when,” she added.
This significant erosion of trust has left patients wary of healthcare technologies and skeptical about reassurances that their private information will be protected. The question of what can be done to engender trust in an increasingly digitized healthcare landscape and how patients can be empowered to control their own health information are of paramount importance.
Lucia Savage, Chief Privacy and Regulatory Officer at Omada Health and former Chief Privacy Officer at the Office of National Coordinator for Health IT (ONC), emphasized the importance of separating security issues due to criminal activity from people not understanding how data is used. She also highlighted the role of the Federal Trade Commission and state consumer protection agencies in regulating commercial healthcare, and talked about a July 25 blog from the FTC with a “baker’s dozen of takeaways” from recent cases.
“What the FTC is really trying to do is make an object lesson out of every litigation it does so that the people in the industry go ‘oh, I don't want to get in trouble with the FTC – I should improve my practices,’” Savage said. “But the lighthouse effect takes a while to take root.”
Dr. Grace Cordovano, co-founder of Unblock Health and board-certified patient advocate, pointed out that there is a hyper-awareness of health data breaches despite the fact that hospitals and health systems have not been forthcoming.
“Oftentimes it's the journalists that get ahold of the information and then it hits peer-to-peer support communities and advocates,” Dr. Cordovano said. “And we can't believe what's going on in our backyards.”
But how can we regain trust that has been steadily falling?
Dr. Mohammad Jafari, Community Based Care and Privacy Co-Chair, HL7 and Adjunct Faculty of ASU College of Health Solutions, fielded a question about how well technical standards and frameworks are keeping up with the demands for privacy.
“There is a vibrant community of patient advocates, people who are experts in health policy, and engineers who are actively working on these problems and they are often way ahead of what the regulations would require and even ahead of the common expectations of privacy,” Dr. Jafari said.
However, adoption and implementation has lagged behind in part because of the lack of general awareness about these expectations of privacy, he said: “I think the general expectations of privacy and the intuitive expectations of privacy by the consumer is really driven by the awareness of what is possible.”
The consumerism of healthcare is a good thing, because patients have seen how easy it is to get data in other realms.
“I think when you look out in the world, increasingly people are keeping track of their financial data, of their shopping data, of their exercise data. People have gotten way more used to collecting and managing their data,” said Dr. Steven Lane, Health Gorilla’s Chief Medical Officer. “So I think we are going to progressively see federal rules and regulations giving us more tools and more access. I think we are going to see a sea change.”
Savage says there are still traditionalists trying to wrap their heads around the idea that patients have a right to get their own data.
“We have about 10% of people who ardently want every single piece of data in their record,” she said. “And the other 90% are like ‘oh my god, carpooling is hard enough.’ I don't need my health data.’”
When it comes to patient privacy, a lot of it comes down to power.
“We have to recognize that there's a powerlessness that comes into play as being an individual receiving care because we just don't have access to the information tools and technology and data segmentation controls that are needed to really level the playing field,” said Dr. Cordovano.
Bethany Corbin, a privacy attorney and founder of FemInnovation, talked about the power that comes with controlling your own health data.
“And yes, it comes with a lot of burdens and a lot of responsibilities,” she said. “But I think I think we're really moving into a space where patients want that data, and want the ability to be able to control the health care decisions that they make, and that all comes from data empowerment.”