What's to blame for health data breaches: Tech or culture?

Panelists participating in a discussion on technology and its potential for patient harm at the Second Annual International Summit on the Future of Health Privacy in Washington, D.C. yesterday pondered whether complex--and often conflicting--privacy policies were to blame.

Technology can harm people because of how we define harm, said William Sage, M.D., a law professor at the University of Texas at Austin and Vice Provost for Health Affairs. Sage repeatedly called the American healthcare system "not very good" and blamed ever-increasing medical data breaches on a culture of training doctors to think they must know everything all the time. 

"We have a culture of too much information and too little knowledge," Sage said. "In a modern system, a doctor does not need access to everything."

Ann Freeman Cook, a research professor in the department of psychology and director of the National Rural Bioethics Project at the University of Montana, said that often times, patients have "no idea" what privacy or risk statements even mean. "But if they don't sign, they don't get care," she said.

Pablo Molina, associate vice president of information technology and campus chief information officer at Georgetown University, said that when it comes to privacy breaches, blame shouldn't fall on just one entity, like a provider or a vendor. "Everyone thinks everyone else is responsible," Molina said. "It's called  'the problem of many hands.' Accountability needs to run across the board to everyone involved."

Maneesha Mithal, associate director of the division of privacy and identity protection with the Federal Trade Commission, said that the FTC urges providers not to bury important information in their privacy policies, but instead to put it in separate, easy-to-understand forms for patients to sign.

"Consumers shouldn't be burdened to read through [complex] privacy policies," Mithal said.