How Consumer Generated Data and PHI Create a Higher Security Risk

How many hours a day are you online? How many apps, programs, and gadgets are tracking your every move?

While it’s not something we think about regularly, chances are you’re creating data in some fashion every single hour, night and day.

If you wear a Fitbit, it’s tracking your sleeping habits. Carry your phone with you, and it can determine how many steps you take each day. Login to your Facebook account and share what you do. It creates a running log of your daily habits, where you go, what you do, what you eat, and what you participate in.

If you indulge in a giant piece of chocolate cake, or hang out at the bar with friends and share, it’s posted for the world to see on your newsfeed.

If the data is there, someone wants it. Some company is willing to buy it, study it, use it, and possibly make decisions about your future. Will you qualify for specific types of insurance? How about if you apply for a job?

Polls show that 77 percent of us no longer feel digital privacy exists. Over 70 percent feel there is an obligation to share personal health information to stop the spread of disease, yet only 44 percent of respondents were happy to do so during COVID-19.

Yet no matter how much we love or hate the idea of sharing information, it’s now a part of our world. And it isn’t going away.

Consider Fitbit’s purchase of Twine back in 2018. For years, Fitbit was thought of as a consumer wearable, with little crossover into the healthcare marketplace. The purchase of Twine changed that as the popular wearable technology pivoted towards employee wellness programs.

Then in 2019, Google announced its offer to buy Fitbit for $2.1 billion. Though the purchase is being evaluated, and only time will tell whether the acquisition is approved, it does bring to light how some of our most sensitive data can change hands with the flick of a wrist, and a signed contract to complete the transaction.

As healthcare providers, this can lead to exciting opportunities. If you’re not looking at how you can bring the latest technology into your business, you should.

But it’s also a warning of how important it is to be diligent in ensuring every aspect of your data, whether it’s created directly by your patients, or you enter it yourself into a database, should be secured.

How secure is your data?