Long-Awaited HHS Data Sharing Rules Raise Privacy Worries
EHR Vendor Epic Among Critics Raising Many Concerns About Pending Rules
“The privacy issues and the introduction of potentially insecure endpoint access are more of what concerns these vendors,” notes Keith Fricke, principal consultant at tw-Security.
… Fricke says he has similar concerns about the privacy and security of consumer apps when they access and share sensitive health data.
“Mobile apps that are not programmed with security in mind are of concern. Additionally, some mobile apps are written to harvest information for reuse or sale,” he notes.
“End user license agreements can be worded so that someone clicking to agree to it has given away their rights on how the data can be used. There is no guarantee the applications are written to protect the data appropriately.”
Many users of smartphones may have few or no security controls on their devices, Fricke says. “A lost or stolen phone with no access controls may offer opportunities for unauthorized people to access any information on the device, including the mobile apps to access health information. Poorly written mobile apps may not clean up cached data after a person ends their session.”