Cybersecurity of Health Care Data in Population-Based Health Information Exchanges
Health information exchanges (HIEs) integrate electronic health records from multiple healthcare facilities in a geographic region, and secondary use by researchers of the data from these large generalizable samples have tremendous potential for benefitting population health and informing public policy. Although state and federal laws provide some architecture for protecting healthcare information privacy, most of these laws predate and do not contemplate the recent explosion in the number of online information sources, leaps in computing capabilities, and rise in hacking incidents. The absence of standard data sharing guidelines with rigorous privacy guarantees has made health care organizations afraid to share data, posing significant hurdles for the population health research use of HIE data. An interdisciplinary group of faculty with expertise in population health, epidemiology, computer science, statistics, health policy, bioethics and law will address these challenges from two perspectives: (1) societal, legal and health policy aspects, assessing the public’s views regarding HIE privacy risks and proposing legal and policy measures that would better achieve the balance of risks and benefits the public desires; and (2) cybersecurity aspects, addressing the key technological challenges for designing secure encryption systems and statistical techniques and identifying critical gaps where novel solutions are needed.