Healthcare Privacy

AbstractAs healthcare shifts towards the digital realm and healthcare delivery steers to patient-centric solutions, new privacy risks emerge. Such risks are acknowledged, but understanding and addressing them with privacy-enhanced technologies is practically challenging. This chapter describes privacy concerns and risks that emerge with the digitization of healthcare services, the availability of Internet-of-care-things, and the usage of online services for medical data. To ensure patients’ privacy, collaborative efforts from stakeholders are necessary. Patients, practitioners, and family members play an important role, along with medical organizations, including hospitals, insurance companies, and clinics. Privacy-preserving mechanisms go beyond the protection of patients’ data to the infrastructure of medical devices, networks, and systems. The data life cycle, from collection to disposal, must be considered when implementing privacy protections. Principles, policies, and regulations addressing privacy are limited and costly to implement, failing to cover novel technologies that collect and transmit medical data. In the USA, HIPAA is the de facto policy standard. Nevertheless, HIPAA disregards data collected by wearable sensors, fitness trackers, and smartwatches. It does not consider social media networks, mobile applications, and discussion forums where users share medical information. Lastly, genetic data available through online profiles rises privacy issues that are neither known nor regulated.