HealthCare.gov’s Security Issues: Did Government Put ePatients’ Health Data Privacy at Risk?
It’s fair to say that HealthCare.gov has been plagued with problems.
It’s fair to say that HealthCare.gov has been plagued with problems. But recent revelations that critical government security rules were waived, days before the site was due to go live, has led to new concerns about whether personal health data users entered into the site is safe from prying eyes.
According to documents obtained by the Washington Post and Associated Press, contractors working on HealthCare.gov warned that a lack of thorough security testing before launch “exposed a level of uncertainty that can be deemed as a high risk.” In addition, a Web security expert found various vulnerabilities that a determined hacker could use to obtain usernames, passwords and other information that could be used to access users’ accounts and potentially place their private health and financial data at risk.
It should be noted that in recent days, the White House and other government officials have assured the public that HealthCare.gov has no serious security flaws or vulnerabilities that could be exploited by hackers. In addition, when security issues are identified, federal officials have addressed them quickly.
New Research: ePatients Who Had or Planned on Using Health Exchanges Were Most Concerned About Health Data Privacy
While legislators, Web experts and others have been outraged by the security issues (and ongoing problems with the Healthcare.gov implementation), it’s worth asking: What does the public think about these issues?
I’m not aware of any polling that has been conducted on whether the general public is concerned about security issues associated with the site. However, in light of this issue, I decided to look at survey data we collected from a representative group of digitally active U.S. ePatients just after the health insurance exchanges were opened to the public. Additional results from this study appear in an upcoming book I co-authored, ePatient 2015.
We asked ePatients participating in the research whether they had already, or planned to, participate in the health insurance exchanges mandated by Obamacare.
In a separate question, we asked ePatients how concerned they were that their personal digital health data could be:
- Accessed without their permission
- Collected or shared without their consent
ePatients used a five-point scale to indicate their level of concern: 1 = low concern; 5 = very high concern. (The data below focus on those selecting option 4, high concern and 5, very high concern.)
After controlling for whether people had/planned to participate in the health insurance exchanges, here’s what I found (remember this data was collected prior to revelations about security concerns re: HealthCare.gov):
- ePatients Not Planning on Enrolling in the Exchanges: 43% had high/very highly concerns about digital health data security and privacy
- ePatients Who Had or Were Planning on Enrolling in the Exchanges: 51% had high/very high concerns about digital health data security and privacy
The bottom line: ePatients who planned to use (or had used) the exchanges were almost 10% more likely to be very concerned their private digital health data could be shared with third parties or accessed without their consent.
Did HealthCare.gov put ePatients most concerned about digital health data privacy at risk? And, is data sharing a bigger problem? Over the past few days, some have reported that HealthCare.gov is sending user data to analytics and advertising firms.
In the end, the jury is still out on how many ePatients (and others) may have had their personal information either threatened or shared with third parties. First, we don’t know how many people actually were able to use the site and purchase coverage. And, the HealthCare.gov security picture is still emerging. But, given the sensitivity of health information, if even a few ePatients’ privacy and security was threatened, this is a big problem.
Government Isn’t the Only Organization With Health Data Security Issues; Yes, People Actually Care About Privacy
The point here is not to pile on the bash HealthCare.gov bandwagon. First, it’s important to note that the government is not the only health industry player with privacy and data sharing issues. A report released by the Privacy Rights Clearinghouse indicates that many mobile health apps may collect and share sensitive health information without following basic security practices and with third parties not named in their privacy policies. Some have noted that HealthCare.gov may have violated its own privacy rules, but the Privacy Rights Clearinghouse report suggests government is not alone in this regard.
Second, and more importantly, although some have suggested that people don’t care about digital privacy and security online, we actually do care. For example, when it comes to health data, many ePatients are very concerned their digital data will be collected or shared without their permission, or breeched by bad actors.
Here’s to the hope that the problems with HealthCare.gov can be quickly fixed, but we can all learn some important lessons about health data privacy and security from this ongoing, and very unfortunate, saga.
(Health data at risk? / shutterstock)