In the last two decades, our healthcare system has moved from paper records locked in a secure room to digital healthcare you can access in the palm of your hand. Necessity breeds innovation, and digital apps have empowered patients to take control of their health and given them unprecedented access to care.

But technology also brings new concerns to the table, including health data privacy and ethical concerns for providers. Learn what private data and health data privacy mean and what they can mean for digital health solutions in the future.

Defining Private Data and Health Data Privacy

Private data, also known as personal private information (PPI), is the information that identifies someone directly or indirectly: an address, name, phone number, or social security number, to name a few. PPI can be defined further as basic PPI and Sensitive PPI, including driver’s license numbers, medical records, and biometric information.1

Protected Health Information (PHI) and its modern equivalent, electronic Protected Health Information (ePHI), are subsets of PPI encompassing health information that identifies a patient directly or indirectly and is transmitted or maintained electronically or in paper records.2 PHI includes a substantial range of information, including demographic information and other PPI, all past, present, or future physical or mental health conditions, and treatments provided to an individual. Even a combination of PHI, such as location and a rare disease diagnosis, that can identify a patient is included.

The Plan to Protect Patients

Although PPI itself is well-defined, the laws surrounding its protection are not: they consist of a confusing and obscure mix of hundreds of state and federal measures and sector-specific rules (the Children’s Online Privacy Protection Act, for example).4

Health information, however, is a different story.

PHI is covered by a privacy rule known as HIPAA (the Health Insurance Portability and Accountability Act of 1996), developed to allow appropriate sharing of health information in a health care setting while still protecting the users’ private information.

HIPAA covers a wide range of health-related entities, including individual and group health plans, healthcare providers regardless of size, healthcare clearinghouses that provide processing for medical claims, and telehealth or digital health providers.

Although some HIPAA violations are malicious (a hack, or data taken from a stolen device), others are accidental, such as lack of employee training, records disposed of incorrectly or stored insecurely, or well-intentioned employees sharing PHI in between shifts.3 Penalties for violations can be steep: companies may be fined millions of dollars, and individuals can face fines, disciplinary action, and more.

The Ethics of Electronic PHI

Electronic PHI is a relatively new endeavor. Less than 20 years ago, many organizations kept medical records in locked paper files. Throughout the early 2000s, ePHI became more common, but electronic health record (EHR) systems were buggy and unpredictable. In 2009, the Health Information Technology for Economic and Clinical Health (HITECH) Act was passed, paving the way for patients to have better access to their medical records and for hospitals and providers to share data more efficiently.5

Efficiency and privacy can sometimes be at odds with new technologies. A controversy has been simmering for years after HITECH’s EHR mandate: can we assure complete protection with ePHI? Has technology blurred the lines between what’s considered protected information and what is not? How can we secure health data privacy and maintain the ease of access patients want?

With more than 350,000 digital health apps ranging from fitness to disease management available to consumers, the privacy dilemma becomes even more critical. Three of the top ethical concerns accompanying medical app usage are confidentiality, non-maleficence, and provider autonomy.6

Confidentiality

Healthcare apps sit at the crossroads between the uncertainty of data privacy laws and the strict compliance with HIPAA regulations. As there are no actual guidelines for security for new apps, consumers may not understand how their data is used, stored, and shared. A poorly programmed app could leave information vulnerable to hackers, and human error—for instance, an unlocked phone or public computer screen—can leave ePHI accessible to anyone.

Non-maleficence

Healthcare providers are ethically obligated to do no harm. Before jumping into a new digital platform for care, providers should evaluate the tool to ensure the benefits outweigh the risks. Does it allow time to truly help the patient? Can treatment through an app improve conditions? Or could the impersonality of an app disengage the patient?

A mental health app recently came under fire for its emphasis on productivity over actual improvement. Therapists for the company said they were encouraged to see 12 to 20 patients each week and bring in new patients every six months, which leads to incomplete treatments to the detriment of the patients. Therapists were also eligible for bonuses based on their productivity.

Provider autonomy

When healthcare providers are dependent on a third-party platform to find and care for patients, they may find they’re focused on following the company’s guidelines to stay on board. Another up-and-coming mental health app recently reclassified therapists so that their benefits were based on meeting quotas. These measures mean providers could provide treatment based on what’s best for the app company instead of the patient.

Striking a Balance

Overall, providing access through digital tools can help mitigate the healthcare crisis in the U.S., but organizations should do their due diligence to provide transparency and a commitment to privacy.

At Uprise Health, we take data privacy and transparency seriously. Our EAP and member services are highly confidential, other than specific legal exceptions: a court subpoena, if we suspect a client is a threat to himself or others, or if we believe a child has been the subject of abuse or neglect. Until data privacy laws improve, there will always be risks involved with digital healthcare, and we strive to provide the best data storage quality possible to protect our patients.

The still-maturing digital health marketplace has a road ahead with ethical and health data privacy questions. Although the road may be bumpy, we hope it will bring more opportunities for a healthy life to more patients.


Resources

  1. https://www.dhs.gov/privacy-training/what-personally-identifiable-information
  2. https://www.health.mil/Military-Health-Topics/Privacy-and-Civil-Liberties/Privacy-Board/Definitions
  3. https://www.hipaajournal.com/common-hipaa-violations/
  4. https://iclg.com/practice-areas/data-protection-laws-and-regulations/usa#:~:text=There%20is%20no%20single%20principal,Code%20%C2%A7%2041%20et%20seq.)
  5. https://www.hipaajournal.com/what-is-the-hitech-act/
  6. https://psychnews.psychiatryonline.org/doi/full/10.1176/appi.pn.2021.1.38