We shouldn't be cavalier with patients' health information
- In the hands of cybercriminals, that information could cause medications to become mixed up – or people might fail to get treatment.
- In public hospitals the computerised systems on which patient information is captured often has very few safeguards to protect the information.
- Lack of hard-edged computer systems professionals in the health sector compounds the problem.
When you walk to a health provider’s clinic, you open up your life and tell all to a health worker trusting that the information you share will be kept confidential.
You expect that the privileged information will be insulated from prying eyes. Some of this information is so personal that if it spilled into the public, it could cause you irredeemable damage.
Here is the sobering fact: Healthcare breaches are especially serious because personal data can, in some cases, mean the difference between life and death.
For example, in the hands of cybercriminals, that information could cause medications to become mixed up – or people might fail to get treatment.
Sadly, health information of millions of people in Africa is handled in cavalier ways. For example, many health workers exchange information about their patients using their unsecured mobile phones. The same phones they use for other day to day activities.
In public hospitals and in poorly resourced private clinics, the computerised systems on which patient information is captured often has very few safeguards to protect the information.
Pay attention to this: multiple health workers use same password to log into health systems that contain patients’ privileged information.
Sometimes the password is placed conspicuously in the offices for staff and anyone else to see and use it to access patients’ information. In a field prone to cyber threats, this practice runs counter to the need for secure systems.
World over, health information systems are hotbeds for cyberattacks. Troves of mined health data are as good as gold for cybercriminals as these can easily be used for identity theft and other schemes, resale in the black market, and even for blackmail.
These are not imagined theories. One study shows that hundreds of data breaches happen almost daily in Africa’s health ecosystem. But these breaches go unreported precisely because there is no law requiring individuals and organizations to report them to the affected patients or to authorities.
Lack of hard-edged computer systems professionals in the health sector compounds the problem. The sector lacks resources to attract and keep the top-notch well-armed technology wizards who can keep up with cyber security assaults.
Besides, there are no clear data security and privacy guidelines to direct health workers on how to keep patients data safe from intruders.
This relaxed approach to management of sensitive health data should concern patients and health providers alike.
In countries such as the UK, the healthcare sector is viewed as critical national infrastructure, alongside the water, electricity and transport networks. African countries should follow suit.
This week, Kenya Health Informatics Association will host Africa’s health informatics conference in Nairobi. Hopefully, this forum can show the way on how to entrench, scale up and turbocharge efforts to better management of patient information.
The writer is an Informatics Specialists. Email: [email protected] ; @samwambugu2