Greetings, fellow privacy professionals.
I hope you are safe and well.
The last time I wrote about health care was earlier this year when COVID-19 was first making its way around the globe and digital health care and the rush to develop contact-tracing apps were on the rise in Asia, a few of which were already in early stages of development. Now that we are more than halfway through the year, I thought I would circle back to provide some updates on this and health care in general.
A presentation at a recent security event showcased a review of 136 apps from countries around the world that found they were requesting permissions they did not need to perform the contact-tracing task, as well as collecting unnecessary data. The hunt to find a cure for COVID-19 is now the talk of nation-states worldwide, and the focus and attention are now shifting to what is at stake when the vaccines are available to the public and possible privacy concerns. Bloomberg reported on the privacy implications of linking sensitive personally identifiable information, like biometric data, to a COVID-19 vaccination — part of the argument would be that this is needed to track who has received the vaccine and tie it to a biometric identifier on their health record to prove that the individual has been inoculated. Such initiatives could potentially be used and abused in the form of mass surveillance, profiling using big data and artificial intelligence, and in doing so, breach the privacy rights of individuals. It will be important for privacy pros around the world to watch this space and look for lessons learned and new frameworks that are being developed. The Centre for Information Policy Leadership just released insights into this topic, and a good reference on the preparation of privacy and security obligations in health care from the IAPP team can be found here.
With the new enforcement of the U.S. Centers for Medicare & Medicaid Services' Interoperability and Patient Access Rule and The Office of the National Coordinator for Health Information Technology Cures Act Final Rule in February 2021, we in Asia can look to these as examples of how other regions are evolving their health care IT regulations, as many countries are still facing an uphill battle on addressing patient data concerns. Without stricter health care IT regulations, we will continue to see breaches in this area. As an example, a recent report found the health care sector in Australia had more data breaches than any other industry. Office of the Australian Information Commissioner statistics showed that between July and December 2019, 74% of breaches targeted identity credentials, including phishing, stolen or compromised credentials, and brute-force attacks. Credential compromise is often how hackers gain access to sensitive systems. Those interested can have a look at the latest NIST Zero Trust Architecture, which launched earlier this month and outlines a road map for cybersecurity measures across an organization, and at how this framework can help to address such issues.
Keep in mind that “breaches” can originate from external vectors or from within, and health care companies should perform security and privacy impact assessments when rolling out new products and services. Otherwise, data could be improperly disclosed to a third party, as we saw this week with the HealthEngine case that resulted in a fine when internal actions were exposed.
Finally, on a brighter note, it is great to see that there are some health care applications that are driven by clinical doctors themselves and not purely technology companies trying to get into the health care space. A team of doctors in Australia is testing a new digital health platform and developing an app to help streamline COVID-19 screening. You can watch the application in action here. Let’s hope they also perform the necessary security and privacy checks to safeguard patient data, and we should expect to see many more developments in this health care IT space before the end of 2020.
That’s all for now, folks. Take care, stay home and stay safe!
Keep safe; keep secure.