Let me start by summarising the questions raised in the HealthITnews blog post:
- The point raised by Deborah Peel that "hundreds of millions of people (in U.S. healthcare) have access to patient data...many with no training on data privacy and security....". So are there appropriate checks and balances?
- The justification for accessing patients' data used by the U.S. Department of Health and Human Services, that it benefits all by lowering the costs of healthcare. A relevant question is: does this cost reduction have to happen at the expense of a patient's privacy?
- The potential risk of a "tech savvy" person with access to patient data, accessing this data for personal gain - are sufficient system protections in place to prevent this?
- The growth of personal mobile health apps in the mhealth sector that gather an individual's data as part of their usage. Do all mhealth app users understand where their data is stored and who has access to it? What importance do such users apply to the security and privacy of their data?
Placing the user-centered approach in the context of developing healthcare apps, I have seen at first hand that working directly with healthcare staff and patients as users helps to validate and prioritise problems and future needs before any code is developed (i.e. the lean startup approach). Continuing this process to iteratively develop and test minimum viable solutions ensures that practical solutions are developed and problems are
There are no absolute guarantees with the management of patient data in the context of assessing medical needs and treatment progress. However, involving relevant users of this data in the solutions development life-cycle can provide greater confidence in the reliability of the solution.
I would be interested to hear of your experiences of how healthcare data security and patient data privacy concerns were addressed.