Person-centric system’s benefits and risks for individuals part 3

In the previous posts we considered the benefits of person-centric systems usage. In this post we focus on its integration challenges and possible risks. Interpretation of PHR collected at home is problematic since it often requires medical education, knowledge of personal medical context such as life anamnesis, history of doctor’s records that are presented as EHR. Interpretation of PHR can be done in two ways: using Clinical Decision Support Systems (CDSS) similar to EBMeDS and sharing with healthcare professional. In the first case, person sends his data to external application that calculates risks and trends for current health status and can provide with personalized guidelines. Second approach is more complicated but can be much more powerful, because analysis performed by healthcare professional includes also EHR data. Sharing PHR data even with external CDSS application brings security risks.

Interoperable functionality gives us new possibilities, but also includes risks. Sharing your personal medical data to external application where doctors has no access does not mean that your data is secured. There are different steps where your confidentiality is at risk. First usually CDSS is located in the web and you need to send your data to it. Security issues start from your personal computer or mobile phone, where your data is created. It’s needful to ensure that you have protected your device from possible hacker attacks. After sending your data to internet, lack of security channel and encryption can make your data not private and accessible for hackers. After arriving in CDSS data is still vulnerable as it is being processed on an external device, it can be saved to application logs or database. All security risks related to your personal computer are valid for the external servers too. Besides usually hospitals provide personal medical data to research or pharmacy companies without asking permission of the person. Same can happen here as medical data is valuable and there are often companies that want to access it in order to improve their business. All these possible security issues force people to refuse of the usage of such systems because they do not have positive feelings and need to worry about their sensitive information security. More about what can be done with your medical data is written in a book — http://www.beacon.org/Our-Bodies-Our-Data-P1249.aspx.