Healthcare Data – Who’s Responsibility is it?

medical, record, health Photo by vjohns1580 on Pixabay

When it comes to running any business, the satisfaction of the customer, patient experience is of utmost importance. This is especially true in the healthcare sector due to the nature of the industry. When your business offers a product or service in the healthcare industry, you are taking private and often sensitive consumer data into your own hands. For this reason, the healthcare industry needs to work that much harder to secure customer data.

In our overly connected world, securing data is increasingly difficult. Healthcare data that was once private is no longer so, especially with the rise of social media, wearable fitness trackers, and niche healthcare apps. All of the above collect important customer data that can often be shared with unknown third parties for various purposes.

As stated in an article on Health Affairs, “even when health information is stripped of personal identifiers, it can often be re-identified with low effort.” In fact, the article references a 2018 study in which researchers were able to easily able to “re-identify 95 percent of individual adults from the National Health and Nutrition Examination Survey using machine learning techniques.”  Thus, it is more important than ever that companies take responsibility to better secure critical healthcare data in whatever form it takes.

report, health, medical Photo by mohamed_hassan on Pixabay

Protecting Patient Data

As everything we do is becoming governed by technology and the internet, cybersecurity is quickly becoming a pressing issue. Healthcare companies are not immune to this type of danger. In fact, cybercrime has proven to be a particularly rampant issue in the healthcare sector. According to Bradley University’s article, the healthcare industry recorded the highest number of cyberattacks in 2015, surpassing sectors like government, finance, and manufacturing.

The healthcare industry’s data is not only life-giving or life-threatening to its patients but is also of high value to cybercriminals. This is because patients’ personal data is rich in lucrative information like Social Security numbers, home addresses, bank account information, insurance details, and more. With all this information at stake, the healthcare organization’s responsibility is to implement the latest cybersecurity measures.

Often cybercriminals will not target large secure databases of information. Rather, they will target professionals like family nurse practitioners and clinicians as a quick and easy entry point into a system’s data. This is why it is essential that all professionals working in the medical industry are fully aware of and prepared to combat the risks of cybercrime.

Professionals need to have a basic understanding of how cybercrime works. Cybersecurity breaches in the healthcare industry often take the form of phishing attacks and ransomware attacks. To safeguard data against these attacks, employees need to be careful when opening attachments and emails, responding to requests to share data and clicking on pop-up links. At an organizational level, clinics and hospitals should put firewalls in place, install pop-up blockers, consistently back up their data, and invest in employee cybersecurity training. Enlisting the help of cybersecurity professionals to secure patient data is also not a bad idea.

Other vulnerable points of entry include pharmacies and web consulting portals. For pharmacies, privacy around patient prescription data is of utmost importance. This is even more essential for diseases that carry a social stigma, like HIV and Aids. Social stigma often prevents patients from seeking medical attention, getting tested, and accepting treatments like Truvada. The myths and misconceptions around HIV also prohibit individuals from taking the appropriate preventative measures and ensuring their all-around well-being. Due to this stigma, it is the healthcare provider’s responsibility to ensure that consumers’ data is adequately protected. If patients fear their medical data is at risk of being publicized, they are even more unlikely to seek treatment, creating a cycle of disease and disaster.

Responsible Healthcare Marketing

Marketing plays an important role in the healthcare sector. Crestline defines healthcare marketing as “the marketing that’s used by any company in the healthcare industry that provides a product or service meant to improve the health or life of a consumer.” However, due to its nature, healthcare marketing and advertising are often controversial. As marketing practices evolve, healthcare organizations need to carefully consider how to ethically present information to consumers to make informed decisions about their health.

Historically, the healthcare industry has been relatively slow in terms of its investment in marketing and advertising. An article on Modern Healthcare attributes this to the fact that up until the 1980s, there were many restrictions in advertising healthcare products and services.

Today, those restrictions have been lifted; but the need to ethically present healthcare data in advertising is still relevant. Unfortunately, many healthcare marketers opt for “fuzzy, feel-good messaging,” even though an authentic conveyance of information is the need of the hour. More and more medical professionals are pushing for healthcare ads to be regulated, much like pharmaceutical ads are. To quote Dr. Yael Schenker, an assistant professor of medicine at the University of Pittsburgh, “There is an assumption that the advertising is … informative or fair and balanced when that is not necessarily the case.”

Marketers tend to resist such criticisms, but ultimately, every healthcare organization’s responsibility is to present data cleanly. To do so, organizations must focus on an element of honesty in any healthcare marketing campaign. Additionally, they must consider how to reach consumers regarding a specific campaign best, through digital options like social media and interactive displays or traditional methods like direct mail and radio.

Digital channels like apps tend to have greater reach, as illustrated through the example of Astellas Pharma U.S. (maker of the drug Myrbetriq). Astellas sponsored the RunPee app, which identifies optimal pee-break times during movies so that viewers don’t miss important plot events. The app has more than 600,000 users and has been great for Astellas’ visibility.

However, with greater reach comes greater responsibility; and although marketers may believe otherwise, disregarding the ethical use of healthcare data for marketing purposes can have severe repercussions. In fact, an article published in the American Journal of Bioethics claimed that the unchecked nature of healthcare marketing could “mislead patients and encourage utilization practices that work against the goals of improving quality and decreasing costs.” Thus, it is integral to use healthcare data in advertising in a responsible manner to promote consumer well-being and maintain organizational integrity.

Crop doctor writing prescription on paper Photo by Laura James on Pexels

Responsible Health Education

Caring for patients and individuals is often practiced outside the four walls of a hospital or clinic and begins with health education. To further preventative care and improve the health of the human population, medical researchers, practitioners, and organizations must share their data and findings with the public. The onus lies with the healthcare industry to educate the public about current threats to health and preventative lifestyle measures that can take to live a wholesome life.

For instance, today, there is “more and more evidence points to a connection between cardiovascular health and venous disorders like deep vein thrombosis and varicose veins,” as stated by the Center for Vein Restoration. The center released an article that explains the findings of two major research projects that show that people who maintain their cardiovascular health significantly reduce their chances of developing deep vein thrombosis and varicose veins. In turn, they encourage clients to take up preventative methods of boosting cardiovascular health.

In education campaigns, the healthcare industry needs to be extremely careful about what data they choose to distribute and how they do so. Inappropriate distribution channels can make healthcare education a liability, as opposed to a helpful tool.

For instance, using consumer apps or social media to distribute sensitive research/patient data is less than ideal. Currently, a lot of apps work on the premise of “all-or-nothing” sharing. This means that they are given access to every aspect of consumer health data – even things that patients might prefer to keep private – rather than specific types of information.

Additionally, social media platforms and certain apps are notorious for “selling data” to third-parties, even though they constantly deny this controversial claim. To quote Brett Meeks, vice president of policy and legal for the Center for Medical Interoperability, from a New York Times article, “Facebook, Google and others are currently under scrutiny for being poor stewards of consumer data. Why would you carte blanche hand them your health data on top of it so they could do whatever they want with it?” While social media platforms are undoubtedly useful to proliferate information, it is ultimately up to healthcare educators and providers to ensure that this information is not mismanaged and used for malicious purposes. Thus, a well-thought-out and wary approach must be taken when distributing data and health education.


From safeguarding systems that store a patient’s personal data to using research data to educate the public (and not simply for marketing purposes), the healthcare industry needs to step up its game in terms of handling the data it is entrusted with. Consequently, those working in the healthcare industry need to be aware of their responsibility’s weight and nature.

The following two tabs change content below.

Request a Demo

See how ReferralMD delivers a better experience for providers, staff, and patients.

Learn More