Digital Health Data: A Comprehensive Review of Privacy and Security Risks and Some Recommendations

From Digital Culture & Society

Contents 1 Find article online: 2 Context 3 Overview 4 Strengths and Weaknesses 5 Assessment

[edit] Find article online:

Shahidul Islam Khan, & Abu Sayed Md. Latiful Hoque. (2016). Digital Health Data: A Comprehensive Review of Privacy and Security Risks and Some Recommendations. Computer Science Journal of Moldova, 24(2(71)), 273–292.

D.O.I: unavaialble

[edit] Context

The article’s main points of interest are privacy and security risks when dealing with digital health data. As the years went by, there was a rapid increase in technological development in the medical field. Protected health information (PHI) is stored in diverse information systems. Medical researchers and practitioners benefit from online systems to efficiently sort through health data, but it is also a prime target for cybercriminals. PHIs take shape in laboratory reports, medical records, and hospital bills. It raises concern amongst patients needing to share sensitive information and trusting a digital database to safeguard them. The PHIs mentioned are valuable to be targeted because they contain information like date of birth, address, national ID, telephone, and email. According to the article’s analysis, healthcare data servers are targeted for mostly monetary value. At the time of the article’s publishing, attacks have grown 1.25 higher compared to 5 years ago and continue to increase. A patient’s privacy can be revealed through a physical copy of the medical record, but the spread of information is much faster when digitally obtaining it. National health data warehouses (NHDW) are useful to house various health information systems, but they raise risk by having a single organization responsible for protecting the information. Either way, health systems need to take the proper precautions to safeguard patient data.

[edit] Overview

The article asks how digital health and integrated health information are at risk of privacy and security breaches. It also asks how healthcare systems can reduce the risks of PHI leaks. The article explains what data breaches are in the health industry, what are the costs of those data breaches, and their impact on several health organizations. The article mentions the research conducted by IBM and Ponemon Institute in 2015. It states that from an interview of 350 companies in 11 countries, there were more than 18 thousand breachment cases regarding health records. The costs of a data breach vary in the cause of protection. Some direct costs could refer to hiring forensic experts or offering safeguard services to victims. Indirect costs could refer to loss of goodwill and churn. One of the article's graphs shows the average cost for a breached healthcare organization was around 363 USD. Compared to other information breaches, health is more valuable. For example, education breaches cost 300 USD and public sector breach cases cost 68 USD. Breaches deteriorate the goodwill of healthcare organizations with patients withholding information from healthcare providers. Unwillingness to disclose information could result in treatment or diagnosis delays for the patient. Healthcare providers also take a hit with breaches where they may need to pay ransom to hackers to restore their systems. They also have to pay the government for failing to protect the information. The article also provides general recommendations to reduce the possibility of PHI leaks and recommendations for deployment of the NHDW. Encryption adds a layer of protection by backing up data or health personnel keeping records on their devices. The screening of internal health information software is needed to prevent any openings for hackers to break in. The article goes into more detail about the recommendations for reducing health data breaches.

[edit] Strengths and Weaknesses

Starting with the strengths, one of the most significant parts is the research they did for this article. It is a mixture of both quantitative information and important points made. Graphs were used to display various sections regarding data breaches with examples like the cost and number of health records infiltrated. They give specific examples of cases that happened in the past to elaborate on how serious of an issue health data breaches are. Another positive the article does is provide helpful recommendations for healthcare companies to try and prevent hacker attacks. Some considerations include minimizing personal information collected and understanding how long the information needs to be stored. Awareness of these recommendations strengthens the trust between patients and healthcare providers when handling data on digital systems. A weakness of the article can be considered its published date being 2016. Technology has rapidly increased over the years in security and hacking methods. The quantitative data only pertains to that technological era. The article does not measure breach incidents that have happened lately. The reader cannot know if modern security has been tested enough to reduce or deter breach attacks.

[edit] Assessment

While the article itself is a bit dated, it does answer its questions about how breach attacks affect healthcare systems and how to be prepared for them. It goes in-depth about the importance of security measures within healthcare systems. Patients and healthcare workers are negatively affected by cyber breaches. It impacts the overall reputation and safety of the healthcare industry. The article is beneficial to both patients and healthcare personnel. Understanding precautions and security measures go a long way in protecting private data and preventing further costs. The information may pertain to that technological era, but its message is still important for security today.

cs20tj 16:14, 08 December 2023 (EDT)