In this article, Danny Lieberman talks about the roles that trust, security and privacy play in online healthcare interactions. At the end of the article, he introduces the idea of private social networking for healthcare – leaving the piece open for a sequel.
Noun: The state or condition of being free from being observed or disturbed by other people. The state of being free from public attention.
When it comes to healthcare information, there have always been two circles of trust – the trust relationship with your physician and the trust that you place in your healthcare provider/insurance company/government health service.
With social networks like Facebook, a third circle of trust has been created: the circle of trust between you and your friends in the social network.
When we share our medical situation with our doctor, we assume we can trust her to keep it private in order to help us get well. Otherwise – we might never share information regarding those pains in in the right side over our abdomen, and discover after an ultrasound has been done, that our fatty liver is closely related to imbibing too many pints of beer and vodka chasers with the mates after work – when you have been telling the missus that you are working late at the office.
Healthcare provider – patient privacy
When we share medical information with our healthcare provider, we trust their information security as being strong enough to protect our medical information from a data breach. Certainly – as consumers of healthcare services, it’s impossible for us to audit the effectiveness of their security portfolio.
With our healthcare provider, revealing personal information depends on how much we trust them and that trust depends on how good a job they do on information security, and how effectively they implemented the right management, technical and physical safeguards.
"If you’re not sure about the privacy, trust and security triangle, just consider Swiss banks."
Millions of people have online healthcare interactions – asking doctors questions online, sharing experiences in forums, interacting with doctors using social media tools like blogs and groups and of course – asking Dr. Google.
Privacy among friends
When we share medical information with our friends on Facebook/Google+ or Twitter we trust them to keep it private within our own personal parameters of vulnerability analysis.
Note that there is feeling secure (but not being secure – chatting about your career in crime on Facebook) and being secure while not feeling secure (not wanting to use your credit card online – face it, with over 300 million credit cards breached in the past 5 years, chances are, your credit card is out there and it doesn’t seem to make a difference now, does it?).
"Trust between 2 people interacting (whether its face-to-face or on Facebook) is key to sharing sensitive information, since it mitigates or eliminates the damage of unexpected disclosure."
Let’s illustrate the notion of personal trust as a security countermeasure for unexpected disclosure with a story:
Larry interacts with his lawyer Sarah regularly, once a week or more. It’s a professional relationship, and over time, Larry and Sarah gain each others trust, and in addition to contracts and commercial terms and conditions, the conversations encompass children, career and life. Larry knows Sarah is divorced and is empathetic to the challenges of being a full-time mother and corporate lawyer.
Come end of year, Larry sends Sarah a box of chocolate wishing her a successful and prosperous New Year. Sarah’s 14 year old daughter, who is pushing her to start dating again, sees the gift package and draws conclusions that Mom has a new beau.
Sarah now has to go into damage control mode with a teenage daughter. It may take Larry months (if ever…) to regain the trust of his colleague. This is literally the damage of unexpected disclosure of private information.
Unlike a healthcare provider, on Facebook we only interact with our friends.
We have digital interactions with our healthcare provider, accessing a Web portal for medical history, scheduling visits and lab tests online etc. These are interactions unrelated to the personal relationship with our physician. The data in these interactions is regulated by governments and secured by healthcare provider information security organizations.
Your healthcare provider’s business model requires them to protect your health information from disclosure.
In our digital interactions on Facebook or Twitter, there is no organizational element to the security, trust and privacy equation only the personal element. This is because your Gmail, tweets and Facebook conversations are the content that drives Google, Twitter and Facebook advertising revenues.
Social media business models require them to distribute as much of your content as possible.
So, is there a reasonable solution to ensure private healthcare interactions on social networks?
The answer, I believe, lies in getting back to the dictionary definition of privacy, and creating a private social network for healthcare that enables you, your doctor and family to “be free from being observed or disturbed by other people”.
Cross-posted from PathCareBlog