Big data analytics has proved very useful in healthcare industries, offering high-quality and effective medical care in disease prevention, predicting treatment outcomes, reducing medical errors, and improving all aspects of healthcare. However, some shortcomings and challenges remain that prevent healthcare providers from applying big data technologies in their healthcare delivery activities (Caulfield et al., 2020). One of the main disadvantages of using big data in the healthcare sector is the problem of lack of confidentiality.
There has been a significant data leak recently in Hong Kong. Privacy protection service discovered a shared database of the healthcare network with the personal data of more than 1 million customers among its companies (Yeo, 2022).
The relevant information about the client was available through the system to the EC Healthcare customer support service, the cashier, the hotline, and the reception staff. In two complaints, personal data provided initially by the applicants to one brand was disclosed and transferred without their knowledge to employees of some other brands. Moreover, the Privacy Commissioner considers that the above arrangement did not correspond to the original purpose of collecting the applicants’ data and did not meet their reasonable expectations regarding the confidentiality of personal data (Landi, 2017).
Data from the healthcare industry is considered very valuable. The assets of these individuals and organizations are under threat. Even more worryingly, the healthcare sector, in particular, is becoming a target of intruders and, therefore, is the most vulnerable. Thus, data privacy has become a severe problem for individuals and organizations.
I am concerned about this situation, as disclosing patient data exposes them to a severe risk of identity disclosure or financial fraud. Criminals can access confidential medical, demographic, and economic information that jeopardizes patient privacy and financial security. I am very concerned that in addition to the social and demographic information that attackers can get, they can get hold of financial information, which entails hacking patients’ payment cards and bank accounts. In addition, I am outraged that the right to the confidentiality of patients who have HIV have sexually transmitted diseases, abuse psychoactive substances, have mental health problems, and have cancer is violated since this is the most confidential medical information (Seh et al., 2020).
I am also concerned that this hurts healthcare professionals, as data leaks undermine patients’ confidence in the ability of healthcare providers and insurance plans to protect their data. A recent Harvard T. H. School of Public Health and Policy survey showed that only 17% of patients “strongly” believe that their health insurance plan will protect their data, and only 24% trust their hospital to ensure their data security (Harvard, 2019). l guilty because I am part of this structure, as well as anxiety for patients and outrage over the unfairness of the processes.
The main advantage of this event is that it shows where medical entities have problems, which can help the development of effective data implementation. Thus, many hospitals have begun to take more care of data protection. Namely, along with strengthening cybersecurity training for employees, steps such as hiring a qualified IT team that understands the unique risks of healthcare security to ensure proper protection are applied (Kaissis et al., 2020).
There are also disadvantages to all this since current reporting requirements, academic research, and public attention to the consequences of leaks of protected medical information are primarily focused on the number of affected patients and not on the types of compromised protected medical information, which limits the ability to manage the risk of leakage effectively (Scott et al., 2021). In addition, data leakage poses a more significant financial and credit risk for non-profit hospitals than any other sector of municipal finance due to the increasingly interconnected nature of hospital activities and information technology.
Such cases occur because insiders do not have clear information about how to manage clients’ data. Insiders are responsible for hacking over 3 million patient records and 20% of the total number of leaks in 2019 (Seh et al., 2020). Insiders have legitimate reasons for accessing electronic medical records, which facilitates unobtrusive access to unauthorized access. Thus, data leaks occur because medical professionals are not aware of the cyber security policy in healthcare (Scott et al., 2021). Since most healthcare organizations store patient information electronically, healthcare professionals must know how personal data is protected.
Thus, the data obtained confirms the need for health and security personnel to understand how their data is accessed. This will help prevent these breaches, which saves organizations and patients high costs after data leaks. It can also help hospitals develop and implement more effective methods to protect confidential medical information. Insider information incidents usually have a longer detection time than the average, so healthcare organizations need to use best practices to detect unauthorized access to patient data. Repetitive training is essential in ensuring that healthcare professionals are aware of common threats to patient privacy and how to prevent them, helping reduce risk throughout the organization and setting clear boundaries for employees who can access data. Audit and documentation are necessary to ensure that people are responsible for this training.
In order to avoid such situations in the future, it is necessary to take some steps. It is essential to provide customers with a clear and concise Statement about the collection of personal information to make it easier for them to understand the purpose of data collection and the classes of assignees to whom the data may be transferred (Jiang et al., 2022). It is necessary to properly distribute the rights of personnel to access and extract clients’ data, taking into account the scope of activity and authority of the staff.
Furthermore, the next step is to assess the impact on privacy before implementing any plans related to processing a significant amount of personal data and take adequate measures to eliminate the identified results and risks to protect the confidentiality of personal data. Furthermore, it is necessary to implement a Personal Data Privacy Management Program, including protecting personal data confidentiality in its management responsibilities.
References
Caulfield, T., Murdoch, B., & Ogbogu, U. (2020). Research, digital health information and promises of privacy: Revisiting the issue of consent. Canadian Journal of Bioethics/Revue canadienne de bioéthique, 3(1), 164-171. Web.
Harvard T.H. Chan (2019) Americans’ views on data privacy & E-cigarettes. Cornell University, Ithaca, NY: Roper Center for Public Opinion Research. Web.
Jiang, J. X., Culbertson, N., & Bai, G. (2022). Effectiveness of email warning on reducing hospital employees’ unauthorized access to protected health information: A nonrandomized controlled trial. JAMA Network Open, 5(4), e227247-e227247. Web.
Kaissis, G. A., Makowski, M. R., Rückert, D., & Braren, R. F. (2020). Secure, privacy-preserving and federated machine learning in medical imaging. Nature Machine Intelligence, 2(6), 305-311. Web.
Landi, H. (2019). More than 70% of hospital data breaches compromise information that puts patients at risk of identity theft. Fierce Healthcare. Web.
Scott, I., Carter, S., & Coiera, E. (2021). Clinician checklist for assessing suitability of machine learning applications in healthcare. BMJ Health & Care Informatics, 28(1). Web.
Seh, A. H., Zarour, M., Alenezi, M., Sarkar, A. K., Agrawal, A., Kumar, R., & Ahmad Khan, R. (2020). Healthcare data breaches: Insights and implications. Healthcare 8(2), 133. Multidisciplinary Digital Publishing Institute. Web.
Yeo, R. (2022). Hong Kong watchdog finds healthcare chain shared customer data without consent. South China Morning Post. Web.