Unless they are data protection officers or lawyers, or intimately familiar with hospital and medical software, many patients mistakenly assume that data is shared frequently. Patients assume this happens between hospitals, physicians, nurses, insurance companies and other providers in the medical sector.
Considering we live in a highly connected world of big data, patients can be forgiven for assuming everyone knows the same information and ‘computers talk to one another.’ Right now, in many cases, that isn’t the reality, although we are now moving towards a more secure world of healthcare data sharing and interoperability.
When it comes to sharing health data, patients need to know their information is safe and is only being shared with those that should have access.
Risks of sharing patient data
With thousands of popular healthcare apps on the market, patients are downloading everything from reminders to take their medication to sleep and activity monitors. The vast majority of these apps weren’t designed by doctors. Medical professionals may not have been involved.
So it should come as no surprise when a University of Toronto study found that “health related data is widely shared with companies that have nothing to do with health.” A study of 24 highly-rated health apps on Android phones in the UK, the U.S., Canada and Australia found that most (19 of 24 apps examined) are sharing data, some without patient knowledge, with 55 direct connection entities and a further 216 fourth-party entities around the world.
Companies receiving this sensitive consumer data include advertising firms, data analytics providers, marketing companies, software developers and their parent companies, and multinational tech giants. Not a doctor or medical professional in sight, and in time, data privacy experts fear this will have an impact similar to our credit scores being released to third parties without our consent.
Even though those who download these apps aren’t aware, the developers and companies behind them will say users consented. It will be in the privacy policies and terms and conditions. But who really reads those? And even among those who do, only lawyers understand them.
When people believe they need an app for their health, many aren’t going to stop to read more thoroughly what happens to their data before clicking download.
According to Reuters,
Healthcare privacy experts weren’t surprised by the findings.
John Houston, vice president of privacy and information security and associate counsel at the University of Pittsburgh Medical Center, noted in that article that tech companies and others in the sector don’t have the same legal requirements to protect patient data. “What happens if an employer decides you are at risk for cardiovascular disease and doesn’t want to hire you?” he added.
Jennings Aske, senior vice president and chief security officer at NewYork-Presbyterian Hospital, says that:
“We’re waking up to the fact that this is not a niche problem anymore. My biggest complaint is that decisions are being made about you based on imperfect data that ultimately can have a negative impact.”
How to go about data sharing in healthcare the right way?
With GDPR in Europe and CCPA soon impacting U.S. consumers, medical software developers are moving towards improved data transparency with users. Customers should know who is getting access to their data, and why, and ultimately have the ability to access that data themselves or revoke data sharing access.
Companies that don’t comply with these rules could face fines and legal action taken by government agencies and unhappy consumers.
Healthcare experiences and health outcomes will improve when data sharing gets better. Sharing data with third-party companies might generate extra revenue for developers, but this won’t help consumers and it could prove a short-term route to extra revenue. Long-term solutions involve adhering to evolving and stricter data protection laws.
Long-term solutions for healthcare app producers need to involve medical professionals, providers and hospitals, insurance and entrenched medical applications (e.g. EHRs and EMRs), and biopharma companies. Data sharing needs to happen in the most secure and transparent way possible, to provide patients with a holistic set of digital treatments and new services that improve health outcomes.