Worry About Your Facebook Profile Not E-Health Records In The Cloud
We worry obsessively about how secure our medical health record will be. Yet The data our patients give away every day on their mobiles via social apps is enough to make you cry. Where does it all that data go?
Not always to places where people have the best intentions for you or your patients at heart. Your favourite big household brands are automating the collection, analysis and cross collation of your patients daily mobile data faster than you can blink. And turning it back at them to sell them everything. Everything from health insurance through to vitamins in the medical sphere but basically, everything.
How often nowadays do you get that awkward feeling you’re being followed by ads on your device? Just booked a holiday to Fiji and suddenly you’re getting lots of ads about flights to Fiji and bargains on the Coral Coast that have just come up?
Imagine what these companies could do if they somehow could combine the information about you from your personal facebook profile, your bank transactional data, your Linked In, your tweets, your popular local supermarket duopoly, a major Australian airline’s frequent flyer program (the one with a Kangaroo logo, let’s say) and … your health insurer. Does that feel just a little too far maybe? It’s happening. At least they’re out there trying their hardest.
Now some of these big brands and marketers would say “hey, we’re just trying to help…by knowing you so much better we can service you much better and stop all that time wasting with ads you don’t want to see” (yeah, I just love ads, bring them on guys…more please).
At least it’s a reasonably innocent intent of the data mashing these guys have, though. The worst I guess they can do is sell you something you didn’t really want. And its not like that doesn’t happen most days anyway. And by allowing yourself to be targeted in this manner, you do get some crazy app that spits out the greatest sayings of Paul Keating for every situation. Wonder what Paul would have said about personal privacy and social media apps?
But not everyone is so ‘well meaning’ with your ‘loosely’ provided data. It’s going in all manner of places below that iceberg that you probably don’t want to know about.
This is information you and your patient’s have given freely. Well, in a manner. You ticked the box at the beginning of that great app skipping through the part where they say that you give them full and irreversible rights to the ownership of your first born child. Who reads those things? They’re designed not to read. To be so boring and technical. But you should give one a go occasionally – all the way through. You’ll likely be shocked. A good place to start is your Facebook terms and conditions. They want more than the kids and the pets. They want it all.
So how come we are freaking out about e-health records in ‘the cloud’ (actually on the infographic in this story they are somewhere just above the Russian submarine about 600m under water, but let’s go with the terminology – its information sent and stored on the web).
As far as your patients e-health record is concerned, the current state of security is nothing short of scary, so it’s a little hard to fathom why there is so much fuss over putting the information in a proper and secure cloud-based environment.
What sort of scary? Well, scary like try ringing your local path lab, quoting that you’re a local doctor – just look one up on Health Engine or one of the other burgeoning public doctor directories (you can even access their AHPRA No if you like on another site but I won’t detail that one here) – quote a common test for a person you know to live locally (or John Smith if you like) and see what happens. Scary.
The greatest protection probably for the current state of e-health record security is that it’s usually not very interesting data. Of course, the STD test results of some big wig CEO who just returned from an exotic overseas conference where he got a bit drunk one night and can’t remember why he woke up in someone else’s room, might be of some use to his disgruntled employees. But these aren’t the sort of things that the people who are lurking on the dark side of the web are that interested in. They usually want volume and a rapid dollar return on their hacking investment. That would be hard to get hacking medical records.
It would be awful for people emotionally of course, and this must play an important part in our thinking on this issue. But practically, the return and motive just aren’t there mostly. And there is no comparison between the security on a decent cloud service to what we currently accept every day.
How safe are your records on your local practice server or even on a networked surgery server operating off a local practice server hub and locked up somewhere? How safe are they on the virtual private network of your scriptwriter provider? Very unsafe, especially compared to the sort of security that is now bank and financial services standard that you get in most high standard cloud data facilities. These places are much harder to get into than banks. You couldn’t even blow one up if you secured yourself the best bunker-piercing missile the US airforce has to offer.
The medical web iceberg is growing bigger and bigger, as the web does. And despite all the press hype about hacks into the likes of Ashley Maddison and the US Army, the security around the emerging major ‘cloud hubs’ is huge compared to what we have currently and what we accept in our everyday lives when we log onto the likes of Facebook and Twitter.
There are very real problems to be faced in getting the e-Health record going (not the least of which is how it’s been managed by NEHTA – not greatest ROI on $1 billion spent so far).
The security of your patients e-Health record ‘in the cloud’ isn’t one of them.
Written by The Old Surgeon via The Medical Republic