Data are essential for surveillance, epidemiological investigation, research, program development, implementation and evaluation. Data can be collected, analyzed and stored identifiable information from a disparate collection of sources and use these in diverse ways. However, health information exchanges raise corresponding legal and policy issues.
In this weeks assignment in Health Informatics, we are asked to answer the driving question: What are the benefits and risks of sharing health data? Answer the driving question in the local context of the Data Privacy Act.
BENEFITS
- Better Health Solutions
Fundamentally, the more data collected, the more the health solutions can be personalized for patients. With the use of large data in healthcare, better outcomes can be provided. Aggregating large quantities of health data could revolutionize physicians’ ability to diagnose and treat diseases. “If our job is to save lives, then it doesn’t make sense that we not share data and get as many people working on the problems as possible”, says Yale Professor Harlan Krumholz of the need for relevant data to be shared among researchers.
- Reduces Cost
Some healthcare consumers are often frustrated by having to repeat their medical information to their providers and the lack of access to their own health data that the healthcare providers maintain on their behalf.
- Cybersecurity Prevention
Healthcare information sharing can aid incident communication and potentially prevent future cybersecurity incidents from happening. Entities should know what happened, how it was discovered, what was the loss, harm, or damage, and also be shown proof that the incident happened.
RISKS
- Privacy Risks
Concerns over the privacy and security of electronic health information fall into two general categories: (1) concerns about inappropriate releases of information from individual organizations and (2) concerns about the systemic flows of information throughout the health care and related industries. Inappropriate releases from organizations can result either from authorized users who intentionally or unintentionally access or disseminate information in violation of organizational policy or from outsiders who break into an organization’s computer system. The second category—systemic concerns—refers to the open disclosure of patient-identifiable health information to parties that may act against the interests of the specific patient or may otherwise be perceived as invading a patient’s privacy.
- Security Breaches
Security breaches threaten patient privacy when confidential health information is made available to others without the individual’s consent or authorization. Keeping records secure is a challenge that doctors, public health officials and federal regulators are just beginning to understand.
- Data Inaccuracy
Inaccurate representation of the patient’s current condition and treatment occurs due to improper use of options such as “cut and paste”. This practice is unacceptable because it increases the risk for patients and liability for clinicians and organizations. Also, loss or destruction of data occurs during data transfer. A growing problem is of medical identity theft. This results in the input of inaccurate information into the record of the victim.
I believe, patients and providers will benefit when the flow of medical information among providers and health systems is open and unencumbered. More efficient and effective medicine is possible if this collaborative spirit and the technology that enables it are embraced by the healthcare industry. However, like what is stated in the Republic Act No. 10173, also known as the Data Privacy Act of 2012, the collection of personal data “must be a declared, specified, and legitimate purpose” and further provides that consent is required prior to the collection of all personal data. It requires that when obtaining consent, the data subject be informed about the extent and purpose of processing, and it specifically mentions the “automated processing of his or her personal data for profiling, or processing for direct marketing, and data sharing.” Consent is further required for sharing information with affiliates or even mother companies.