During a scan of the news today, I saw two articles related to healthcare security. One reported that an employee of the National Health Service (NHS) in the United Kingdom had a PC with patient data on it that he or she put up for sale on eBay. The second story was about an inquiry by the Illinois attorney general to eight health-related web sites asking what data they collected about site visitor queries and what they did with that data. Fair question. Both of these situations are inevitable and potentially threatening to privacy.
In the first case, there are a number of questions someone should be asking. The main question is why there was patient data on the PC. This immediately points out the benefit of cloud computing, where major companies such as Apple, Google, and Dropbox take extraordinary measures to keep data secure. They have more to lose than a user and they apply the best people and technology to achieve high levels of security. Keeping data on a business or personal computer used to be a good idea, but no longer.
In the second case, the issues are more complex. No doubt, the web companies have a lot of data about who inquired about what. I am sure that WebMD, for example, knows how many people inquired about diabetes, what time of day the inquiries were made, the IP addresses of the devices from which the inquiries were made, and, if logged in, the names and email addresses of the persons, and potentially much more. The question the attorney general is asking is what WebMD and others do with this data. If they make it available to insurance and pharmaceutical companies, I am sure it is anonymized. However, with the power of big data analytics, can even anonymized data provide a trail to the persons who inquired? That is the question that the eight web sites will need to answer for the attorney general.