Please Complete This Form
By Art Gross, President and CEO, HIPAA Secure Now!
Twitter: @HIPAASecureNow
You walk into your healthcare provider’s office and are usually handed a clipboard with papers that need to be filled out, updated, and wrapped up with your signature. We mindlessly take our task to the nearest seat and complete, sign, initial, and update whatever we’ve been given. This information goes into our file and continues to build up our profile – sometimes for life.
You are ok with this process because the input is coming from you, with your knowledge. But what about if and when insurance agencies pull data about you, for your “profile”, without your knowledge?
When Is It Okay?
Collecting data isn’t new. We ignore the fine print when clicking on “OK” or checking boxes to get to the next screen. We assume that our information is being used to determine how well a product does regionally, or what kind of coupons our grocery store should send us. Those frequent shopper cards are designed less for you to get deals and more for the stores and product manufacturers to track who is buying what, when, and how.
When it comes to healthcare, is it okay for insurance providers to take that data and use it to build up your health profile? Do you mind that they know you binge-watch TV, or go through 4 liters of soda per week? What does that say about your lifestyle, your likelihood of disease? And vice versa, are you a gym member – and just how many times do you go per week?
A recent study from MITRE-Harris did a deep dive into this practice and found a significant gap between what the public assumes is happening with their data and what is actually happening. The individuals that retail stores identify as consumers are the very same individuals that the healthcare industry calls patients. But when you say consumer data, it sounds far less invasive than patient data, doesn’t it? So, where are the lines that should be hard stops? What information is actually relevant in these data mines of the purchasing and lifestyle choices that we make every day?
To make the conversation even more complicated, how do we determine which data is relevant and shareable when it comes to the greater good and safety of society? Are purchases that indicate sickness or a transmittable disease on the table to share for protection purposes?
This study has brought the topic to light, and the conversation will continue. We look forward to seeing how it is addressed within each generation of consumers as well. In other words, do the younger generations who have grown up with social media and digital footprints just assume that this information is being collected and shared, and will there be less demand to change policy as the ‘older generation’ fades out? We’ll have to wait and see.
This article was originally published on HIPAA Secure Now! and is republished here with permission.