The Most Practical Way To Protect Health Information

Medical Practices Can Take Up All The Habits to Keep Patient Data Safe, But Nothing Will Replace Decentralization Of Ledgers

Initially published by Illumination Curated on Medium!

Health information is any data recorded or communicated about an individual's health and disability. That information can be anything from symptoms, diagnosis, treatments, research, and clinical trials on that person to records, billing information, and discharge instructions.

In a typical scenario, every health information contains individual identifying information such as full name, date of birth, social security number, and address. The latter is essential to always bear in mind. Because, in the circumstances, entities can freely share patient information given they have concealed their personal identifying information. For example, they can share for research and reimbursement purposes permitted by HIPAA (The Health Insurance Portability and Accountability Act of 1996).

Since health information technology was still at its preconception stage in the year 1996, therefore the application of HIPAA was a straightforward undertaking. That means almost every health in formation, with some exception, were on paper ledgers. Hence, except for theft and physical hijacking, concealing the patients' identifying information was merely sufficient to protect their private information.

Today, after decades of advancement in information management and the emergence of sophisticated data analytics, the concept of HIPAA has become a thing of the past. For instance, advanced artificial intelligence-powered ransomware and malware can hack the most complex encrypted medical information. They can also correspond any health data with its host despite being concealed.

Today, Health Information Is A Valuable Commodity

Amid the growing competitive healthcare landscape, like any other data, whatever goes into the patient record, from blood pressure and symptom to clinical decision-making by the treating physician, is worth money.

Harms individuals can suffer from if their data is wrongfully accessed can be, indeed, multifaceted. For instance, if an employer recognizes that a prospective employee suffers from depression and anxiety, they will most likely pass on that application to another candidate. Some companies, legal or not, would probably pay dearly for such valuable information.

Regardless of the intent and motive behind someone or some entity's stake in accessing other people's data, one thing is clear amidst the growing big data industry. Health information is precious, and corporations are trading it over the cloud.

Based on a report, United Health, a global health insurance supplier, had a $4.1 billion profit on patient data in the 4th quarter of 2021. That level of revenue matched what its competitors earned combined.

The Prevalent Cybersecurity Measures Are Vague

Today one can find thousands of articles and solutions to protect health information from unlawful hackers. That is, even though laws seem outdated regarding who the lawful hackers are and what they should not be doing with patient data.

The utility of standard cyber security measures that protect electronic health record systems from Internet-borne attacks like spyware is necessary. So encrypting the database to prevent inherent software flaws and vulnerabilities or using strong passwords, firewalls, and multi-level authentication systems are all acceptable and necessary. Nonetheless, they are also primitive amid our sophisticated information management habitat.

“Amid recent ’pseudo-GOLD RUSH’ boosts in data mining schemes, Artificial neural networks technologies, and discriminately validated Artificial intelligence endeavors by breadwinners of the 21st-century pirates; it deserves even more fundamental comprehension that anonymizing personal identity in virtue of ’De-identification of personal information’ to secure data privacy is nothing but a circumstance of the feebleminded sentiment.” — Adam Tabriz, MD

Access To Data And Health Information Deserves Special Attention, But Does Not!

One thing I believe should have received particular attention while transitioning from paper records to the digital ledger system is the concept of "Data and Information Accessibility." The latter should not have changed but unfortunately has!

While health information was on paper record format they were stored in the fileroom, access utterly restricted to the medical professionals and their respective patients. But, like many other things in tech industry that, too, has changed!

Today, the centralized data silos in large corporations' servers have replaced the "semi-decentralized" medical clinic file rooms. Nowadays, even medical clinics depend on the 3rd party corporate help to access patient information.

Indeed, currently, access control to data and systems is fragmented and interdependent with multiple players, while information is utterly centralized. Combining this with the outdated HIPAA ordinances, deep-pocketed corporations, and the existence of sophisticated hackers, one can only draw one conclusion. That is the medical practice, and patients must win control over their data sets.

Naturally, controlling virtually stored data is not entirely the same as owning physical access to file rooms. Similarly, monitoring for file room intrusion requires a different system than the files stored physically.

Decentralization Of The Health Information Ledgers Will Maintain The Gate On Their Illegitimate Access

Irrespective of the motivation and intention centralized system for any reason comes with its particular downfalls. For the sake of clarifying what I mean, let me run you through a couple of scenarios:

Scenario-One: Let us assume there is a bank with a million dollars in cash stored onsite. To rob that bank, the perpetrator would probably assess the feasibility and risk associated with burglarizing that bank in a single attempt. It may be so that the bank robber would risk police arrest and ten years in prison.

Scenario-Two: Now, let us assume a different "scenario" that also pays one million dollars. But, this time, the million dollars is divided among one million persons and placed in their pockets as a single dollar bill. In this scenario, for the robber to earn a million dollars, they must pick one million "pockets" simultaneously, still risking the same penalty for robbing the banks in the previous scenario.

The second scenario is not as feasible and probably carries more risk of being caught redhanded. More so, it is less practical given that it is almost impossible to pick one million pockets simultaneously.

Translating the earlier mentioned scenarios into handling data and health information, one can understand that decentralizing ledgers is the safer option, just like the second scenario.

Placing Patients In Control of Their Data Utilizing Blockchain Technology Can Expedite Data Access, Decrease Liability, And Increase Security

Third-party entities like corporations have unlimited access to patient information. It creates problems of access, security, privacy, monetization, and advocacy of a commodity that does not belong to them from the beginning. And while corporations can track, trade, and mediate health data, those who produce and are the actual stakeholders of that information are continually cut out of the deal.

The said privilege guaranteed to the 3rd party players in the healthcare arena not only directly undermines the patient data security but also exposes them to indirect hacking and theft.

Data breaches are costly to healthcare organizations and patients. It, by estimate, involves $380 per affected record. That is why guaranteeing electronic health records (EHRs) security and patient information protection is among the top priorities in the healthcare initiative.

Blockchain solves the "accessibility" factor of the data security issue by placing individuals in control of their data, just like the second scenario theft mentioned earlier.

Patient data must be encrypted and follow the same security protocol as the centralized system. However, one will stow it in a distributed network owned by no entity.

Allowing individuals to control their health information would also authorize them to manage who can and can not access them. They can also set their permission level as to what the others can do with their data.

A blockchain system will help owners of the data securely share their data for any purposes they wish. That will improve data security and reduce the liability associated with security breaches in centralized systems. It also returns the data as an asset people create and their profit to their legitimate owners, the patients, and medical professionals.

There are emerging Blockchain ledger systems that are robust and efficient. Some come with better gating capability that ensures more secure file sharing while supporting collaboration amongst its users.

All in all, the take-home message to keep in mind:

“The decentralized essence of Blockchain will reduce extortion and legalized kickback by eliminating emissaries and empowering you; the vulnerable citizen — thus will play a pivotal role in its triumph and so yours! — That is precisely why it will be embraced by many, despised by few, and espoused as the means of permanence by others.” — Adam Tabriz, MD