With HIPAA audits looming and reports of numerous ransomware attacks making headlines, many healthcare CIOs are working tirelessly to make sure their organization and patient data are secure. But John Halamka, CIO at Beth Israel Deaconess Medical Center, advises this: "Give up on privacy."
"My view [is] ... if you just decide your healthcare data doesn't matter, share it with all the doctors and all the people who need it," Halamka says. "Then the hackers can hack it, whatever. It's already open source."
Halamka suggests that widespread public release of health information and more patient data sharing could be a way of staying ahead of the inevitable -- data breaches -- and help maintain some control. He also predicted that the way people think of protected health information (PHI) will soon be akin to how people think of credit cards when they get stolen.
Furthermore, there are now laws prohibiting discrimination based on a person's PHI; the Genetic Information Nondiscrimination Act, for example. Halamka predicts laws like this will help in diminishing the severity of PHI theft.
"If I tell you I have glaucoma and I can't, based on these various regulations and legislation, be discriminated against for anything then what difference does it make? So it's going to take time, and it's [a] cultural change. ... Generations feel differently about this," he says. "But if the discrimination doesn't happen anymore, and people are pretty open about sharing the details of their personal lives, then I expect that spills of PHI will still happen, but no one will care."
Halamka has even published his own medical record and genome online. However, he recognizes that this view of patient data sharing is extreme and that, because he is a healthy, 53-year-old person, publishing his medical record and genome has not affected his life and probably will not. For someone who suffers from a mental illness or has a sexually transmitted disease, it could be an entirely different story.
"Of course, I respect everyone's right to privacy and everyone's preferences, but my genome is public, my medical record is public, my heart rate is public and it has been for a decade. Have I been harmed in any way?" Halamka says. "No."
However, he does believe that individuals should have the choice of opting in or out of patient data sharing.
"It's all the patient's choice, and I would advocate, for most people, sharing everything for every purpose with everyone is appropriate and low risk," Halamka says. "At least, as a doctor and as a person who's openly shared my data, I've seen nothing but reward for data sharing and nothing but risk for holding it back."