Why Should Hackers Have Easier Access to EHRs than Patients?

Mike Miliard | Healthcare IT News | January 3, 2017

Eric Topol and Kathryn Haun make the case for keeping medical data in personal clouds or digital wallets, empowering patients and removing centralized targets for cybercrooks, in a New York Times op-ed piece.

In a Jan. 2 New York Times opinion piece, Eric Topol, MD, professor at the Scripps Research Institute, and Kathryn Haun, a federal prosecutor who teaches a course on cybercrime at Stanford Law, take aim at what they call "quite a paradox": the fact that most patients still can't readily access their own health data, even as there's "an epidemic of cybercriminals and thieves hacking and stealing this most personal information."

The value of health data to cybercriminals is well-known by now -- as is the fact that the industry's oft-lagging security practices have made it an easy task for bad actors to access it. "It is common for millions of patients’ health records to be stored together in huge central databases that, once breached, yield a trove of information," Haun and Topol write inThe Health Data Conundrum.

While it's become "increasingly difficult to combat this problem using traditional methods of enforcement and deterrence," they write, there are some strategies that could help -- especially disaggregation of data storage. By allowing patient data to be kept in "individual or family units rather than in centralized databases," each patient "would have medical data in a personal cloud or a digital wallet," enabling them to share data with family and clinicians in the ways they see fit...