The data privacy debate is overlooking a very important issue.
The issue of data privacy on mobile phones has been brought to public and judicial debate again with Apple’s refusal to create a backdoor into its operating systems. The debates so far have failed to highlight that granting governments access to mobile phone data opens access not only to sensitive financial and personal information, but also to the crown jewels of healthcare: patient health records. Now that the majority of patients and doctors are accessing, storing, and transmitting healthcare information via mobile phones and connected medical devices, smartphone security has become a lynchpin of patient data security.
Healthcare data breaches are a real and serious threat and have already led to identity theft, financial loss, civil rights and employment discrimination, and even a risk to patient safety. In addition to the moral responsibility of protecting these data, the Health Insurance Portability and Accountability Act (HIPAA) specifically mandates that patient data be encrypted and assigns meaningful fines to violations. These breaches by hospitals, companies and doctors can add up to multimillion-dollar liabilities.
Healthcare records contain mission-critical and sensitive information, including Social Security numbers, financial information, diagnostic test results, medical diagnoses, and the correct dosages of hazardous drugs. Dr. John Halamka, a professor at Harvard Medical School and CIO of Beth Israel Deaconess Medical Center, wrote about his hospital’s experiences with internet-connected drug infusion pumps, which have been compromised. In extreme cases, malicious hacking also could be used to disrupt the workings of a heart pacemaker or drug infusion pump to deliver the wrong amounts of hazardous drugs.