I just finished my required training about the protection of patient privacy. Every employee of New York University Langone Medical Center must take an online course and pass an admittedly not very difficult quiz as to our duties regarding patient privacy. All other American medical centers have the same requirement. I passed my quiz. But, despite my certification, I think the effort to protect privacy in health care is a lost cause. It is time to admit that privacy in health care is dead. Confessing that privacy has passed on, while reporting a death is often very sad, has many benefits. Not only is the continued effort to ensure privacy protection futile, it costs a lot of time and money, undermines trust in the health care system, causes confusion that interferes with family needs and, most importantly, likely gets in the way of giving greater benefit to the sick, soon to be sick and those who are not yet born but who will also become ill.
Much of the required teaching in the United States about privacy involves learning a bit about the Health Insurance Portability and Accountability Act of 1996 (HIPAA). The Federal Office for Civil Rights of the Department of Health and Human Services enforces the law that protects the privacy of health information that could identify a particular patient, such as addresses, phone numbers, email addresses and medical record numbers. I know from my training that hospitals and health care institutions must report any breach of information going to someone not providing care to a patient or paying for that care.
Despite all the effort to protect it, these days privacy both in health care and in general is not doing well.
There have been privacy breaches galore in health care. In 2015 alone, there were more than 720 data breaches. The top seven cyberattacks exposed nearly 200 million personal records to fraud and identity theft.
In February 2014, as many as 80 million customers of the second-largest health insurance company in the U.S., Anthem Inc., had their account information stolen. Hackers gained access to Anthem’s computer system and got personal information including names, birthdays, medical IDs, Social Security numbers, street addresses, e-mail addresses, employment information, and data on incomes. In the aftermath of the attack Anthem customers said their identities had been used to file fake tax returns, a common tactic for claiming fraudulent refunds. Some state officials warned that scammers were also targeting Anthem policyholders with fake credit-monitoring appeals.
UCLA Health stated it was hit by a cyber-attack in 2015 that “may have put some personal information at risk” for as many as 4.5 million people. Another insurer, Premera Blue Cross, was breached with 11 million customers’ records impacted. Quest Diagnostics (DGX), the medical lab operator, revealed in 2016 that it had been the victim of a computer hack, potentially impacting the personal data of 34,000 customers.
The compromised data included names, dates of birth, lab results and telephone numbers.
That is barely the tip of a growing iceberg of cybercrime. Hackers from anywhere in the world can access health systems and use the personal information they acquire to gain free access to costly medical services, for resale to other crooks, to procure drugs, or to defraud private insurers and government benefit programs.
Not only is privacy currently under assault by criminals breaking and entering with apparent abandon into health care databases, these assaults on privacy in health care are only going to get worse. Healthcare data hacking is lucrative. According to the credit rating company Experian, medical records can be worth up to ten times more than credit card information on the black market, meaning bad guys have a lot of motivation to hack. Plus hackers get more for their efforts due to more and more links between data. A hack of the computer systems at the U.S. government’s personnel office compromised the personal information of more than 21 million current, former and prospective federal employees, including highly sensitive data such as background investigations. We now know more than a billion Yahoo user accounts were hacked in 2013. As health systems press to link data sets to improve patient care, monitor quality and speed research, there are many potential roads that hackers can use to find their way to health-related databases. Digitization and electronic medical records mean that the bad guys who get in will get a lot more patient information for their trouble.
Efforts to protect against the bad guys mean that the good guys will be pushing privacy aside. The NSA has already admitted that it is thinking about monitoring all manner of personal medical devices which means that since they are talking about it publicly they likely soon will be doing so.
Not only are hackers, spies and criminals making a bad joke of privacy, doctors and nurses are doing a good job of posting pictures and records of identifiable athletes, celebrities, those with horrific injuries and autopsies on social media. Cell phones with cameras are ubiquitous in the hospital and nearly everything that happens in a hospital is now videotaped. In a world under surveillance by ubiquitous cameras privacy does not stand a chance.
Add to the challenges of uncontrollable theft, security recording and gossipy disclosure the reality of human error—leaving a computer in a taxi, not turning off computers with sensitive information on them, throwing away old drives containing plenty of personal health information and misplacing a few gazillion thumb drives and you have a world in which the only people who really believe their health care information will remain private are those who teach the subject in law schools and the leadership of the ACLU.
Add to this dismal picture concerning privacy protection in health care the fact that few actually fully understand existing privacy requirements, making privacy an obstacle rather than a benefit. After the horrendous mass shooting at a gay dance club in Orlando, Florida, hospitals in the area were not sure if HIPAA restrictions would permit them to release information on the dead and the injured to partners who were not legal spouses or next-of-kin.
Do people care about their privacy in a world in which one nation taps another’s deepest secrets every month, whistleblowers flood the internet with all manner of top-secret stuff including accidentally acquired identifiable patient records and patrons of dating sites for those seeking illicit liaisons find their names splashed all over the media? My informal polling of my colleagues and students reveals that the older you are the more you care. Younger people like their privacy but seem resigned to having it given away, stolen or sold. As those used to a world of paper records head off to their final endpoints—a point at which a great deal of privacy completely disappears—it is hard to imagine the next generation trying as hard to protect what they think is, and most likely is, beyond protection.
As if that were not enough of a case to pull the plug on privacy there are the public health benefits to be had by giving up on efforts to protect the quaint concept. Those big genetic data sets when linked to identified patient records and lifestyle behaviors really could make a huge difference to making health care more efficient, safer and cheaper. Personalized medicine will go much faster when your whole genome is a part of your easily shared medical records. Putting a readily accessible chip on a watch, ring, eyeglasses or under your skin that carries intimate details about your health status could save your life in an accident or terror attack, even if it could fall into the hands of snooping third parties.
The critics will howl that all I have done is shown that we must redouble our efforts to hide our health secrets. We ought not give in to theft, accidents and irresponsible behavior they say. Build better locks—don’t just leave your door open! But, the incredible cost of trying and the documented futility of clinging to the illusion of privacy make those arguments more rhetorical than real.
It is hard to admit failure but sometimes the best course of action is to admit that nothing more can be done. Patients, doctors, health systems, insurers and other health providers ought to assume that third parties will have access to personal, identifiable medical information and behave accordingly. The hopeless and hugely expensive quest to protect what cannot be protected while losing the benefits of readily accessible identifiable health information for prevention, research and therapy ought to be abandoned. We need to create rules, expectations and appropriate penalties for a world in which privacy cannot be guaranteed to any patient.
It is time to grudgingly say goodbye to privacy—we hardly ever knew ye.