Earlier this year I covered an interesting paper that explored our attitudes towards our health data being used for medical research. The general gist was that most of us regard this as a public duty, and so long as the data isn’t misused, we’re perfectly fine with it.
Whether we believe our health data is secure however was the topic of a recent study by UKCloud Health. It found that 65% of people are concerned about the security of their health data, although the company are at pains to point out that the study was conducted before the ransomware attack conducted on the NHS and other organizations around the world.
Keeping it local
The majority of respondents also expressed a desire for their data to be stored locally. Indeed, 82% of respondents thought that permission should be sought before data is stored outside the country.
“There is clearly a significant trust issue when it comes to public perception of personal data protection. It is hardly surprising that we are reluctant to trust non-UK businesses to securely store and process our personal data. The leak of NSA tools and their subsequent use by hackers has shown how they exploit vulnerabilities to conduct covert surveillance. At the same time, the NSA and Trump administration are also using the ever-growing set of legal powers that they have over US-based companies to access data even when it is held outside the US (such as in the UK-based datacentres of US cloud firms). UK-based businesses, like UKCloud, are beyond the reach of such intrusive extraterritorial legal powers and offer greater protection for your personal data,” the researchers say.
“In the lead-up to the UK leaving the EU, it’s even more vital than ever that the government protects the economy and the country’s burgeoning tech sector. The public consensus regarding this issue is clear. Our research clearly shows us that the general public values data sovereignty. Buying from British companies, and keeping data in British datacentres will boost the public’s trust in personal data protection, grow the UK digital economy and help the Government to meet its aspiration of becoming the safest place in the world to be online,” they continue.
Reason to worry
It is perhaps understandable that people worry, as even before the recent ransomware attack, a recent study from Michigan State University examined the security of data in the US health system.
The study found around 1,800 large data breaches in patient information over a seven-year period in the United States alone.
“Our findings underscore the critical need for increased data protection in the health care industry,” the authors say. “While the law requires health care professionals and systems to cross-share patient data, the more people who can access data, the less secure it is.”
The data for the study came from the Department of Health and Human Services. Hospitals are duty bound by the Health Insurance Portability and Accountability Act, or HIPPA, to notify HHS of any serious data breach that affects over 500 individuals.
Alongside the number of breaches, a few other interesting findings emerged. For instance, only 2/3 of breaches were reported by the hospitals themselves, with business associates, health plans and healthcare clearinghouses reporting the rest.
What’s more, 33 hospitals reported more than one breach during that time, with the majority of those large, teaching hospitals.
It underlines the challenges the industry faces, and perhaps explains why so many of the big tech companies are exploring the use of technologies such as blockchain in healthcare. With data playing an increasingly crucial role in both healthcare and health research, it’s a challenge that the industry urgently needs to get a grip on.