In today's healthcare market, consumers' desire to access their medical records digitally is creating a new challenge in patient privacy. Services such as online patient portals increase engagement in their healthcare, which is tied to improved outcomes.
Gynecologists work diligently to protect their patients' health data by implementing smart solutions like secure, cloud-based image storage and sharing technology, but it can seem as if a new hurdle is always around the corner. Digital assistants present some of the latest challenges; these products are convenient, but do they have a place in healthcare?
New Points of Access and Security Challenges
Patients are able to obtain their health records from virtually anywhere by using smartphones or computers, but they are also seeking information via other tools like Alexa, Siri or Google Home. As Digital Commerce 360 points out, these types of voice-activated systems are already providing medication reminders, pre- and post-surgical instructions and emergency room wait times. Moving beyond these "relatively simple patient tasks," voice-activated devices may soon be used to access online medical records; however, secure, authenticated login systems for them may be difficult to design.
Alexa in the Office
In April 2018, The National Law Review cautioned physicians' offices against adding voice-activated tools until these devices are HIPAA-compliant. At that point, any practice that wishes to use these products will need to sign a Business Associate Agreement with that vendor, per HIPAA standards.
While HIPAA does not prohibit the general use of these products for purposes that do not involve protected health information, they are not secure and can be risky to use within a healthcare practice. These devices are always listening for someone to speak to them, and occasionally record conversations when they "think" they have heard their name, which acts as a prompt. When one considers a USA Today report of how private conversations have been recorded and then forwarded by these devices, the potential threat to patient privacy becomes obvious.
Playing It Safe
Because data security is ultimately the responsibility of the provider, and physicians may eventually provide access through virtual assistants like Alexa, then security standards need to evolve along with the technology. Health IT Security interviewed industry leaders in healthcare information security who emphasized the need for a shift in focus from "incident response" to forethought and planning. The article highlights how healthcare records are becoming more valuable targets as hackers learn new ways of exploiting this type of data for identity theft.
Downfalls such as security breaches affect not only a patient's data, but also her trust. This next revolution in healthcare access is not yet fully realized, but private practice physicians should pay attention to this trend. If a practice is purchasing new technology to enhance accessibility for its patients, it should ask whether the vendor has thought about these possible implementations, which may be just around the corner. Just as importantly, office staff should caution patients to be mindful of security when accessing their own records.
These safeguards should always be addressed within a business's policies and procedures, as well as through training that does not happen only once, but is updated and required on a regular basis. This is even more important as technology continues to change the healthcare landscape.
