Demanding confidentiality and building trust in digital health – TechCrunch

The February Wall Street Journal report revealed the importance of the issue when people share their personal health information with health and fitness apps. Several of these applications shared (perhaps unwittingly) personal health information from users via a Facebook SDK, which automatically transmitted this data to the platform. In one fell swoop, many companies have damaged trust with their users – perhaps irrevocably.

But the dangers of digital health are not limited to unauthorized SDKs; Three days after the Facebook news announcement, another major health system announced that personal information from more than 325,000 patients had been exposed. All of this comes as big tech companies like Apple, IBM and Amazon start to enter the same space, with projects having a huge impact. But even these well-established names go into health care with a lack of confidence; The National Health Survey conducted by Rock Health in 2018 found that only 11% of respondents were willing to share health data with technology companies.

As we move towards an increasingly digitalised world of healthcare – and start-ups and technology giants work side by side in space – how can everyone involved take responsibility? their responsibilities, respect the laws and regulations in force and maintain the trust of patients and users when it comes to privacy? Companies operating under the strictest health standards are expressly prohibited from monetizing user data; How will major technology brands adapt their business models to do the right thing?

To realize the promise of digital health, companies will need to make sure their patients' data is safe, secure and error-free. Beyond security, healthcare companies operating as providers must also maintain the confidentiality and confidentiality of this data. This is not just good practice; it is an existential requirement for companies operating in this space. There is a basic expectation – on the part of users, as well as employers and health plans working with digital health companies – to respect privacy.

The success of digital health businesses will depend primarily on the willingness of patients to share the most intimate data they possess – their personal health information (PHI) – especially when they fear that this data may affect their jobs. Below are three things that digital health companies would do well to keep in mind when operating in space.

Respect – and inform – regulations

In 2018 alone, more than 6.1 million people were affected by health care data breaches. Many have begun to warn against the "data-destruction tsunami". Complacency is no longer viable. The growing frequency of data breaches should become a rallying cry. When it comes to PHI, protecting the privacy and security of patients and users must be a business imperative.

Compliance with regulations and requirements for the protection of PHI requires a combination of robust security and confidentiality strategies. The Act on Transferability and Accountability for Health Insurance (HIPAA) lays the foundation for the protection of patient data. For companies operating under HIPAA, responsibilities, obligations and opportunities become perfectly clear. Federal laws and regulations prescribe the minimum of confidentiality and security, as well as the exact rules governing the collection, storage and transfer of participant data. For healthcare innovators, strict privacy practices and security controls are key to customer confidence and growth.

It also means that digital health companies need to be actively involved in defining the regulations that govern their operations. It is not a call to hire as many lobbyists as possible to mitigate your responsibilities; it's a call to educate state and federal policy makers who will write the rules of the road that will govern your work for the next phase of health care. An informed policy that allows creative iteration while putting the needs of the patient at the center of its concerns is imperative for the continued success of the entire sector. This is a space where regulation can be helpful in clearly identifying what not to do to be taken seriously – and work properly – as a digital health society.

HIPAA or not: know your role

HIPAA applies to digital health businesses – whether they contract as a provider (an "badociate") or a health care provider (a "covered entity"). Third parties, especially those managing PHIs, may expose health companies to data breaches and nonconformities. Any data breach suffered by a health care business will have serious consequences, including reputational damage, government investigations and monetary damages.

Once credibility has been tarnished, it takes a long time to restore trust among consumers. To do this, it is essential to understand the difference between broad technology and digital health, and to ensure that your organization has in-depth knowledge of all the ins and outs of HIPAA and care data. health; patients want to focus on improving them, without having to constantly check their privacy settings.

Keep compliance at the base

The health sector is already fraught with risks. New laws and market forces only add to the complexity. In order to reach full maturity, digital health companies must invest very early in information security experts that include the intersection of medical devices, software and regulations. Management teams need to empower these experts while remaining attentive to best practices and the latest threats. This is contrary to the spirit of rapid growth of venture capital firms in other sectors, but it is crucial for health care.

If you manage patient data, hiring a legal and compliance team is a top priority. By implementing a confidentiality and compliance program, you will be better equipped to search for and correct potential vulnerabilities, while reducing the risk of fraud and promoting safe, quality care.

The responsibility to build trust in digital health rests with the most prominent actors in a rapidly growing space. Data and their application are the keys to the evolution of health care. But we must never forget that patients and users choose to share their most intimate data. We must badume this responsibility with the systems, the personnel and the maturity that it deserves.