This is the second of a 3-part series, where we dig a little deeper into the questions of medical data in the Internet “cloud.” In the first part, we reviewed issues of data safety – how to guard against loss of data. In this second part, we will review data security – how to guard against data theft. The third part will focus on privacy and ensuring that only the right people can access the right data.
A review of issues around medical records ownership and protection shows that medical records are the property of those who prepare them (medical professionals), and not the property of those about whom they are concerned (patients), although patients generally have a right to review them, demand copies of them and demand their confidentiality. With limited and specific exceptions, consent is required to disclose such information to others. So, how does one create a framework of security that protects the confidentiality of such records against breach?