Is Your Data 11 Times Safer With Your Doctor Than Facebook?
When the Wall Street Journal reported in November that one of the largest health systems in the country, Ascension, was partnering with tech giant Google to mine patient data, the concerns around patient privacy reached their tipping point. Allegedly named “Project Nightingale”, the partnership allows Google to aggregate millions of patients’ health data via medical records (including lab results, medications, and diagnoses) and apply artificial intelligence tools to recommend changes to patient care. This is in addition to Google’s acquisition of Fitbit, which many speculate will be a treasure chest of longitudinal heart and fitness data to unlock, even causing some Fitbit owners to throw away their beloved devices in the name of privacy. For many years now, technologists have claimed the key to unlocking health is commoditizing access to information and letting the machines go to work. For years the public has solely trusted healthcare institutions with their most personal information, but as companies like Google or Facebook move into the picture, Americans will need to decide who they trust most with their precious data.
In an August 2019 poll by POLITICO and the Harvard T.H. Chan School of Public Health, researchers aimed to measure whether healthcare organizations were trusted more or less than other industries to protect against a breach. The survey specifically asked participants to evaluate a list of 11 institutions that store sensitive information, indicating whether they “have a great deal of trust” in each to keep their personal information secure. In this study, researchers found a clear hierarchy among doctors, banks, hospitals, health insurance companies, cell phone carriers, credit card companies, email providers, commerce, federal government, internet, and social media. It may surprise you, but healthcare-related entities performed extremely well in this survey of trust, ranking as 3 of the top 4 institutions (along with banks).
Below you can review the actual results with healthcare entities colored in blue. The most trustworthy institution in the poll was the doctor’s office, which ended up being 11 times more trustworthy than social media companies like Facebook. Search engines (like Google) were the second worst performing institution type, nearly 5 times less trustworthy than doctor’s offices. This is interesting, because although technology companies do incur data breaches and manage server farms’ worth of information, they also employ armies of engineers who are dedicated to cybersecurity. Regardless of this perception, which apparently has not changed given the similar reaction to Project Nightingale and Google, I still wondered whether Americans were placing false trust in healthcare.
In the same poll, when respondents were asked which types of data they were most concerned about, social security numbers (63%) and credit card information (57%) drew nearly double the concern of an individual’s health status or medications (31%). Given the Equifax breach of 147 million Americans and Facebook’s exposure of up to 87 million users’ information to Cambridge Analytica, it is easy to understand why healthcare organizations appear more trustworthy. Despite these results, healthcare startups should not take privacy lightly, because the industry is consistently targeted by hackers in the 21st century. As recently as May 2019, an 8-K filing with the Securities and Exchange Commission revealed that billing services vendor American Medical Collection Agency (AMCA) was hacked for eight months between August 1, 2018 and March 30, 2019. As a result, at least six covered entities reported a total of 22 million patients whose data was compromised. Since then, the parent company of AMCA, U.S.-based Retrieval-Masters Creditors Bureau Inc., has declared bankruptcy.
As new technologists continue to take a bite out of the $3.7 trillion healthcare industry, I hope they take notice of the importance of securing patient data. Whether you operate a patient portal, telemedicine app, care management platform, personal electronic health record, genomic sequencing, or data analytics startup, you will have access to incredibly sensitive personal information that hackers would love to expose. Breaches are happening across every industry in America, with over 3,800 data breaches occurring in just the first 6 months of 2019. These breaches take, on average, 279 days to identify and contain. Therefore, I hope you, as healthcare professionals, do your very best to continue to hold the public’s trust and protect patients’ most valuable information. This will be a key trend to watch in 2020, and the companies that perform the best will earn bonus points with the government and American public.