Twenty years ago we lived in a village with a reasonable expectation of privacy. We trusted a handful of people with our personal data, and erected walls around that data to discourage exchange.
Today this privacy is nothing more than a facade, a graceful curtain that hides a multitude of people milling around our personal information.
This weekend I counted how many internet services I use. My musical tastes are currated each day by Rhapsody. Netflix supplies entertainment, Mint tracks my financial state, Amazon supplies me with books and most of my web purchases, TurboTax files my taxes, and on, and on.
There is literally no element of my life that isn’t at least partially cyber-ized. Most of these people know (a) where I live, (b) my age, (c) my gender, (d) my credit card data, (e) my purchasing history and patterns.
Each of these services has a username and password, and frankly most of them are hopelessly inadequate for the task at hand. Even with complex passwords stored in a password safe I have no expectation that my data is secure because history has shown that such an expectation makes no sense.
In my heart of hearts I long for the privacy situation in HealthCare IT to be different. Many of my peers in social media see this as anachronistic. In the brave new world of apps, devices, crowd-sourced clinical trials, and quantified self, the loss of privacy is a precondition to progress.
Perhaps medical privacy is just a passing fad that will blow away like sand in the wind. After all, it was only ten or twenty years ago that most of us even started to think seriously about this concept as it relates to digital records.
I’m hoping not. Call me old fashioned, but I don’t want to share all the details of my various complaints with a world wide audience. These records are personal to me, and in a more poetic sense, they are a part of me.
The reality is that we face a ten to fifteen year period where technology will be a daemon to some and a saviour for many. We have achieved greatness in generating and distributing medical information without creating the tools to manage its security.
If you doubted the scale of this problem the events of last week probably changed your mind. When a committed adversary can penetrate the systems of the largest nation state in the world and steal data from the office of personnel management including sensitive security data about operatives the rules of the game have officially changed.
The next decade is going to be hard on HealthCare IT. We’ll be fighting a constant battle against people who want to steal data to file fake claims, steal patient identities, blackmail individuals and commit fraud. We’re going to lack the tools to do the job and we’re going to have to the best we can as privacy finds a new level.