Protecting patient privacy in cyber environments

Confidentiality in the medical encounter is crucial to providing adequate patient care. Health data is therefore privileged and protected by legal mechanisms. Health systems use electronic records and large-scale databases. Increasingly consumers use also IT to collect, store and share data about daily life and health behaviors. Sharing data via network-based systems or storing it ‘in the cloud’ produces multiple ‘digital selves,’ health ‘data doubles’ and ‘virtual patients.’ With so many stakeholders involved much data is produced without clear governance structures, blurring the view of what is done with the data. These problems are exacerbated through the networked, distributed nature of health data collection and convergence of protected hospital systems, commercial collection and aggregation of data and consumer health technologies. This brings patient privacy into the realm of cybersecurity. This panel explores how cybersecurity impacts the governance of critical IT infrastructures and mitigation of threats, what sociotechnical challenges are related to protection of large-scale HIT systems, how surveillance and bioethics studies seek to understand threats to personal privacy in the context of networked technologies and finally what changes to laws and regulations would be required.