The great irony of healthcare data is that many patients still can’t easily access it—but hackers and cybercriminals can.
“Personal medical data is ... an exceptionally easy target for criminals,” wrote Eric J. Topol, a professor at the Scripps Research Institute, and Kathryn Haun, a federal prosecutor who teaches a course on cybercrime at Stanford Law School, in a New York Times opinion piece.
The solution, they said, is disaggregated data stored in individual or family units rather than in centralized databases. “Such a regime would return the data to the person who should own it in the first place: the patient,” Topol and Haun wrote.
But, they warned, the industry (and consumers) can’t count on vendors to help achieve that goal.
"We cannot leave it to the health record software companies—the Cerners, Epics and Allscripts of the world—to bring about the needed changes. Their business is to sell proprietary information software to health systems to create large centralized databases for such things as insurance reimbursements and patient care. Their success has relied on an old, paternalistic model in medicine in which the data is generated and owned by doctors and hospitals," they wrote.