Data Security in the Age of Self-logged Health

Over at EMR and EHR I have a post going about the self-logging trend, in which people log their medical and other observations on a regular basis. I’m fascinated by the trend, but as an IT person, I shudder at the data nightmares this movement will unleash if it becomes widespread.

Quantified Self, a major web hub for self-trackers, has posts on monitoring devices that can measure the vitals of people up to 10 meters away, and microsensor-embedded mindfulness pills that transmit data to your phone when ingested.

So if someone steals my smartphone, does it mean that not only can s/he spam-text all my friends, but s/he can access all my health logs and PHRs that only my HIPAA-compliant provider’s office and EMR systems were supposed to get their hands on?

Indeed, a news story in Med City News says that physical theft, not hacking, is the major concern for mobile storage devices. It’s far easier to flick an iPhone lying on somebody’s desk than to devote the brain- or computing power needed to hack into an EHR system from a reputable vendor.

Med City News reports that during the period from 2009-2011, there were 116 cases of data breaches involving at least 500 patient records (breaches that exposed fewer than 500 records were not included). Physical loss of devices accounted for a whopping 60% of security breaches.

As the Med City News piece notes:

HIPAA violations aren’t happening in the cloud. Rather, they’re happening in the doctor’s office, hospital IT closets, cars, subways, and homes.

Think about how much more this problem could be compounded if health logging becomes the practice du jour.

Bottom line: Self-tracking may yet revolutionize healthcare, but could we as individuals potentially jeopardize our own data security? Possibly. It might be a fad among tech geeks, but it needs some thinking through from an EMR/EHR perspective.