Patient Privacy in the Digital Age

ISHAN VAISH – With the onset of a pandemic, telemedicine has become an increasingly popular alternative to going to a doctor’s office. Along with being safer, telemedicine is more convenient and enables patients to see doctors who may not have otherwise been close enough to visit. Studies have consistently found that telehealth allows for more efficient and updated interactions between patients and doctors. However, as with other innovations of the digital age, telemedicine’s biggest drawback continues to be data privacy.

HIPAA acts as the main federal source of patient data protection. Under HIPAA, healthcare providers must use authentication and data encryption measures whenever they facilitate interactions with the patient. HIPAA also requires that all patient data be shared under a “minimum necessary” standard, meaning data is shared only to the minimum extent necessary. While these regulations were enforced strictly in pre-Covid times, in response to the rise of telemedicine usage amidst the pandemic the Department of Health and Human Services chose to relax HIPAA guidelines in order to not penalize the inevitable breaches of patient security that happen as patients and doctors adjust to a telehealth environment. While this does not condone any intentional HIPAA violations, accidental violations are overlooked.

This becomes especially complicated because HIPAA does not extend to entities that are not health plans or healthcare providers. Thus, if a doctor chooses to communicate with a patient over Facebook, that interaction would be subject to Facebook’s privacy policy instead of the more stringent one provided by HIPAA. If these online communication platforms chose to harness the data they gathered from such interactions, there would be no present legal safeguard to protect patients. In a legal dispute, the Federal Trade Commission would be called in to assess whether companies were being or breaching laws in the process of gathering this data. However, the FTC’s precedent of inaction means this avenue would likely be unsuccessful in combating corporate data collection.

Additionally, HIPAA does not protect personal medical devices and apps. Because these are not being administered by healthcare providers, they do not fall under conventional HIPAA guidelines. As a result, personal data collected by these apps can be stored and sold even if it would have otherwise been deemed confidential in a healthcare setting. These devices have become increasingly commonplace during the COVID-19 pandemic because they can track vital signs and detect abnormalities that may indicate the early onset of a coronavirus infection. Without proper data protection, their popularity and convenience are putting consumers in a tough spot.

Until the federal government updates its privacy guidelines for telemedicine, most of the burden of data protection is placed on patients, which makes it imperative to understand how we can best protect our data.

  1. Talk to your healthcare provider and ask what is happening to your data. Because of the variability in how doctors are administering telehealth, your healthcare provider likely knows the most about what is going to happen to the information you have shared during your appointment. At the same time, do not be afraid to express any discomfort you are experiencing because of the digital format of your appointment. It is better for you and your doctor to be on the same page about the details you are providing during your appointment.
  2. Read the terms and conditions of any website, app, or device you are using to store and collect healthcare data. While this can often be a tedious process, the “terms and conditions” agreement is the best place to look to determine what exactly is happening to your data. While you still might have to use a particular platform, having an understanding of your digital privacy will give you a better sense of what data you should avoid sharing if possible.
  3. Minimize data sharing as much as possible when using any digital platform. Just because a website or app is asking for your personal information does not mean you are compelled to provide it. Moreover, if you are uncomfortable or confused about why certain data is being asked for, it is better to err on the side of caution and opt out of sharing information you deem irrelevant to the platform’s goals.

Copy Editor: Sophia Bartell

Photography Source: Rylan Puent, https://medium.com/@cre8tivemediaservices/how-the-digital-age-is-impacting-our-personal-privacy-695326dd1455