Patient-generated health data (PGHD), from wearables and other remote devices, represents an exciting opportunity to more deeply engage patients and families in care and offer robust data streams of objective information to better guide treatment plans. Yet, federal health IT experts note, one big factor that stands in the way of advancement on this front are fears about the cybersecurity of this sensitive information.
The Office of the National Coordinator for Health IT (ONC) has released a white paper that outlined some of the opportunities, challenges and security concerns that PGHD add to the digital health picture.
Security and privacy protections applied to PGHD are “uneven and do not establish a consistent legal and regulatory framework,” according to the ONC report, “Conceptualizing a Data Infrastructure for the Capture, Use, and Sharing of Patient-Generated Health Data in Care Delivery and Research through 2024.”
Like all data, PGHD “may be at risk for security breaches that could affect the integrity of the data and expose the data to access for malicious purposes because they are not subject to the same security regulatory framework as HIPAA-regulated entities. Concerns include insecure points of data collection and insecure data movement that potentially expose the device or the clinician’s information system to pollutants, such as malware,” the ONC report stated. “There is growing potential for risks related to unauthorized access, including cyber threats.”
The AMA participates in the Health and Human Services Health Sector Coordinating Council (HSSC) that recently released a four-volume publication offering practical cybersecurity guidelines for small, medium and large health care organizations for focusing on major threats, identifying vulnerabilities, and prioritizing resources. It also provides resources and templates that can be customized for an individual practice or organization’s use.
Another security concern cited by the ONC is the privacy risk of reidentifying deidentified data as it is collected and integrated from a variety of different sources. ONC, however, also identified several opportunities that PGHD provides for improving health.
According to the ONC, patient-generated health data:
Aside from the big cybersecurity concern, the ONC noted other challenges. Among them:
The ONC also identified technical challenges patients face:
EHRs purchased or upgraded in 2019 will include the capability to capture PGHD. Physicians should ask their EHR vendors to provide comprehensive education on this new feature. EHR vendors should provide best practices on the use, security and integration of PGHD into physicians’ workflows.
Patients may also be distrustful about how their information will be used. The ONC cited a survey conducted by the patient information-sharing website PatientsLikeMe which found that, among patients with an existing medical condition, 72 percent believe data from personal health records can be used to deny them health benefits, while 68 percent felt they could be denied job opportunities.
Original report can be found on AMA.