Earlier, I had an interesting conversation with a couple I had met about some of the security issues related to online transmission of health information. I was of the opinion that health care institutions should be more permissive in providing online access to their health information – be it lab tests, history, etc. I mean, are most people *really* that concerned about identity theft? How much security do we need if it gets in the way of allowing people to connect with one another?
The gentleman with whom I was speaking indicated that security for online banking is insufficiently secure, and also thought that health care institutions shouldn’t allow people to view information over the web. He was a computer expert and indicated that it is much easier to break into a system than generally perceived. But, the interesting thing is that he does his banking online even though he has many concerns. He also mentioned that he was a victim of debit-card fraud, but that his bank reimbursed him for the fraudulent charges. What was interesting was that his wife felt that the security risks were acceptable, and that she would like to have more access to her health info.
I guess the conversation sums up the issues with which the health industry wrestles with each day. How do we balance security (and privacy) concerns with the need to enable access to health information? Perhaps the barriers are in appropriation of liability (it’s usually the health care provider’s ass on the line) and also in the consequences of having one’s information published. I hear about these doomsday/nightmare scenarios of being discriminated against, and perhaps they shouldn’t be dismissed so lightly. Which makes me wonder: how secure is enough?