Notes on Engineering Health, September 2021: Notes on the Privacy and Security of Electronic Health Information

Jonathan Friedlander, PhD
Geoffrey W. Smith


September 30, 2021

In 2015, the insurance company Anthem announced that they had been hacked and as many as 78.8 million former and current policyholders had personal information stolen. This information included names, addresses, dates of birth, social security numbers, and more. This data leak alone put the lives of nearly a quarter of the US population at some risk. This breach, while the largest on record, is far from an isolated incident. As mentioned in our notes about EMRs (March 2021), the ubiquity of electronic health records (EHRs) has supported the creation of transformative digital tools to better monitor, diagnose, and treat patients. But EHRs also pose serious privacy and security concerns. How big of a problem is it? Why should we care? And what types of opportunities will open up to make sure EHR data is treated appropriately?

The news has been riddled with an ever-growing set of privacy concerns linked to health information being shared with third parties without patients’ consent or knowledge — Google acquiring massive amounts of health data with the University of Chicago Medical Center in 2017, and partnering with the Ascension health system through the Nightingale Project in 2019, to name two. Concurrently, there is also a rise of security concerns due to data breaches caused by cyber and ransomware attacks on health insurers and providers. For example, in April 2021 there were 62 reported healthcare data breaches, which is more than two breaches every day of the month. 19 of these reports involved more than 10,000 records, including seven that involved more than 100,000 records.

Although related, privacy and security have different features and should be addressed with different sets of tools.

Privacy refers to the right that someone has to determine for themselves when, how, by whom, and at what level their personal health information may be accessed, shared, or transferred by others. These concerns are directly addressed by the Health Insurance Portability and Accountability Act (HIPAA) signed into law in 1996. The Privacy Rule provision for which HIPAA is best known was developed as people started to worry about genetic privacy. The law generally prohibits healthcare insurers and providers from disclosing private information to anyone other than a patient and the patient's authorized representatives. It is important to note, however, that although HIPAA’s Privacy Rule gives the right to control health information disclosures, it only protects information held by specific health care providers. For example, being asked to reveal one’s vaccination status is lawful and anyone can provide information about their own vaccination status without violating HIPAA. Similarly, whatever personal health information is stored on one’s Apple Watch or Fitbit is usually not covered, and genetic information shared with sites like or 23andMe is not covered by HIPAA. It is with this understanding that The Digital Medicine Society, a non-profit supported by the Digitalis Commons that aims to develop digital medicine research and standards, launched a collaborative called the Digital Health Measurement Collaborative Community (or DATAcc) to develop best practices for measuring health through mHealth platforms. DATAcc aims to coordinate and harmonize practices across the healthcare industry to improve health outcomes, health economics, and health equity, but also to ensure privacy and security for all stakeholders.

Security is defined as the methods by which and the levels at which accessing someone’s personal health information is controlled and allowed for authorized users. In other words, it describes the mechanisms necessary to protect the privacy of health information. Why is it so important to make sure health data are protected? Some theorists would argue that privacy is a basic human good or right with intrinsic value. The more common, and practical, view is that it promotes other values such as personal autonomy, individuality, respect and dignity. On top of these values, a breach of privacy and confidentiality can cause harm through identity theft or discrimination. Among the classic features ensuring the security of data stored by health systems and providers are access control tools like passwords and PIN numbers, encryption of stored information, and enforcement of an audit trail feature to record who accesses information and what changes were made and when. More recently, blockchain technology has come forth as fulfilling many of the features required for optimal security with decentralization, security, pseudonymity, immutability, autonomy, incentive mechanisms, and auditability as described in a 2020 publication.

To adapt digital technologies to healthcare needs and have them adopted broadly by health systems will require continued investment and innovation. But in our rush to implement the new, we must be careful not to forego deep consideration and implementation of privacy and security measures as core components of our electronic health system.

Jonathan Friedlander, PhD & Geoffrey W. Smith

First Five
First Five is our list of essential media for the month which spans a range of content including scientific papers, books, podcasts, and videos. For our full list of interesting media in health, science, and technology, updated regularly, follow us on Twitter or Instagram.

1/ Friends & Genetics
From time to time we meet people with whom we immediately hit it off and instantly become friends (or the reverse). It turns out, at least in mice, that there may be a biological basis behind this instantaneous compatibility reaction.

2/ Imagination
Many people could not imagine completing an ultra-marathon. A motivational tool called functional imagery training (FIT) has shown that imagination may actually be all it takes.

3/ Diet Diet Diet
Almost every month we write about nutrition, food, and diet in these Notes. In part this is because the intersection of nutrition and health is so complex. But, it is also because there is so much interesting research going on that continues to dissect and explain this complexity. Here are some striking recent findings:

– A prospective randomized multiomics study in humans investigating the longitudinal effects of a high-fiber or fermented-food diet shows their differential effects on the diversity of the microbiome, with the latter having a noticeable impact on reducing inflammatory markers and modulating immune responses.
Cell >

– Eating your daily calories within a consistent window of 8-10 hours is a powerful strategy to prevent and manage chronic diseases such as diabetes and heart disease.
Endocrine Reviews >

– Researchers showed that chlorpyrifos, which is banned for use on foods in Canada but widely sprayed on fruits and vegetables in many other parts of the world, slows down the burning of calories in the brown adipose tissue of mice. Reducing this burning of calories, a process known as diet-induced thermogenesis, causes the body to store these extra calories, promoting obesity.
Nature Communications >

– Can specific dietary guidelines help people living with bipolar disorders better manage their health? Clinical trial results showed that a diet designed to alter levels of specific fatty acids consumed by participants may help patients have less variability in their mood.
Bipolar Disorders >

4/ Stand Up
In addition to paying attention to what we eat, we also just need to stand up to achieve better health and prevent chronic diseases.

5/ Costa Rica & Public Health
Costa Rica is a beautiful and diverse country, and it also seems to be doing a much better job securing its citizens long and healthy lives as compared to the United States. Atul Gawande’s long piece in The New Yorker explores why putting public health first may be the secret to their success.

Digitalis Commons
Public-Interest Technologies for Better Health

Particles for Humanity is a public benefit corporation working to leverage medical technology and early-stage inventions to improve the health of billions of people in low-resource settings in Sub-Saharan Africa and Southeast Asia.

With 2 billion people around the world having enough calories to eat but remaining malnourished, one of two focal points of PFH's work is the reduction of micronutrient deficiency. Vitamin A deficiency in particular is a tremendous health threat, especially for children and pregnant mothers. In more severe form Vitamin A deficiency often leads to blindness, and all degrees of deficiency frequently lead to diminished immune function, leaving large swaths of Vitamin A-deficient populations at risk of severe illness from measles and diarrhea, among other illnesses.

As Sue Horton, France Begin, Alison Greig, and Anand Lakshman point out in a Best Practice paper from the Copenhagen Consensus Center, "Studies have shown that vitamin A supplementation (VAS) of children under five at risk of deficiency can reduce all‐cause mortality by 23% (Beaton et al, 1993). This has been further supported by the recent Lancet journal series on child survival that identified vitamin A supplementation as one of the key proven interventions to reduce child mortality (Jones et al, 2003)." They also point out that interventions have the potential for very high benefit:cost ratios.

Fortifying staple foods and condiments is a proven strategy for reducing hidden hunger, but this approach has had limited success with vitamin A because it is unstable when exposed to heat, light, and water during storage and cooking. Microencapsulation technology which PFH has pioneered allows nutrients to stay stable during cooking and storage. Its product, PFH-VAP, will enable the integration of vitamin A into bouillon—a condiment consumed by 80% of sub-Saharan Africa—and its delivery to millions of people.

Digitalis Commons is serving in an advisory role to this mission, working closely with the Particles for Humanity team on business strategy to help ensure that the project can successfully achieve its aims.

To learn more about Vitamin A deficiency and solutions for low-resource settings, read the pioneering work from the Copenhagen Consensus Center by authors Sue Horton, et al:

Micronutrient Supplements for Child Survival (Vitamin A and Zinc): Best Practice Paper
Sue Horton, France Begin, Alison Greig and Anand Lakshman.

Hunger and Malnutrition: Copenhagen Consensus 2008 Assessment Paper
Sue Horton, H. Alderman, J.A. Rivera
