Privacy Risks and Harms

As healthcare providers and hospitals modernize the way health information is collected, used, and disseminated, existing privacy and security risks are likely to persist or become amplified. Health records contain a wealth of sensitive personal information, and a lack of transparency, over-collection, or aggregation of PHI may cause significant harm to patients.

First, if fundamental privacy principles are not respected, PHI might be shared in ways that lack transparency and are inconsistent with patient expectations. This unforeseen sharing may lead to mere inconveniences, like spam or unsolicited marketing e-mails, or to publication in secondary or tertiary records that may become accessible to government agencies, law enforcement, or courts. Further, it may lead to personal embarrassment, especially if the data relate to innately private matters, like mental illness, STDs, or abortion.

Second, inappropriate collection, use, or disclosure of PHI may lead to discrimination or harassment. For example, a 1999 survey found that more than one-third of Fortune 500 companies viewed applicants’ or employees’ medical records before making hiring and promotion decisions.13

Third, patients may hide information or avoid treatment if they suspect PHI will not be adequately safeguarded. HHS has estimated that millions of Americans avoid treatment for early signs of cancer, mental illness, and STDs due to privacy concerns.14

Finally, one should not ignore certain security risks, which often exist in parallel with privacy risks. Specifically, EHRs and other health IT systems become attractive targets to hackers, fraudsters, or even curious employees when PHI is collected electronically. A single penetration of a centralized server could result in the compromise of thousands, if not millions, of records. In 2015, the Identity Theft Resource Center (ITRC) reported 781 data breaches, the highest annual number since 2005, when the ITRC began tracking breaches.15 The health/medical sector tallied the second-highest number of breaches (35.5% of all breaches). Under HITECH, HHS maintains statistics regarding breaches reported by covered entities and their business associates,16 and in 2015, breaches of PHI affected up to 113 million people.17

