Health Information Databases: High Potential or Privacy Concerns?

21 October 2017


Recent years have seen a trend towards digitising ever larger amounts of information. With the continuing ageing of the world population, the demand for elderly care has risen steeply and is expected to grow even further (Schumacher 2017). This higher demand has led to an increased number of burnout reports among care staff, and on top of that, governments have announced budget cuts and savings through decreased subsidies (Voskuil 2014, Stam 2010). Therefore, measures have been taken to digitise health information in order to increase efficiency (Het Digitale Landschap 2016).


Despite the significant benefits associated with health information databases, potential threats to privacy could arise and should be considered. Regarding security, there are many risks associated with stores of sensitive information, which are highly vulnerable to burglary, hacks and abuse. Leaking such data involves unprecedented negative consequences (Johnson et al. 2004). Even though most citizens would allow health organisations to use their sensitive information to foster medical research and prevent diseases, the majority would most likely agree only to limited access, exclusive to such medical organisations. Nonetheless, there are many other third parties that would be interested in analysing the health surveillance data.

This problem concerns privacy as contextual integrity, which is defined as the “adequate protection for privacy to norms of specific contexts, demanding that information gathering and dissemination to be appropriate to that context and obey the governing norms of distribution within it” (Nissenbaum, 2004, p. 101). Failing to maintain such a separation of spheres would expose citizens to considerable dangers. Starting within the medical world itself, health insurance companies could potentially exploit the sensitive information derived from the DNA samples by discriminating prices between high-risk and low-risk patients. Moving outside the medical world, there are many examples of other interested parties that could harm privacy rights. For example, employers could act unethically by avoiding hiring employees with high risks of diseases. Furthermore, law enforcement would have a high stake in using the health information to solve its own cases by scanning DNA found at a crime scene against the health surveillance database. Although sometimes well intended (e.g. solving criminal cases), police and other institutions violate a person’s right to privacy established in laws and constitutions.

However, there are several ways to offset these confidentiality and security risks. Firstly, DNA samples could be destroyed after being analysed and converted into DNA profiles, thereby eliminating risks of theft since the actual physical sample itself no longer exists. Another solution is a role-based access control model which assigns ‘read/write’ or ‘read only’ privileges to authorised people only. To put it into operation, modern security technologies could be employed. One way to ensure data security and to prevent eavesdropping is encryption, which transforms sensitive information into cipher text using a code or formula (Meingast, Roosta, Sastry, 2006). This way, the data becomes unreadable for outsiders, and access is granted only to those who have a ‘key’, a code that unlocks the encryption. More specifically, public key encryption could be used to secure electronic transmissions in today’s digitising and globalising world. This system relies on two keys: a public key and a private key, the latter to be held only by certificate authorities. By implementing encryption systems, the impact of hacks and brute-force attacks could be reduced close to zero as the scrambled data codes hide the content from unauthorised third parties (Coppersmith, 1994).
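One way to express the role-based model described above, as an added example that is not part of the original post: roles map to ‘read/write’ or ‘read only’ privileges, anything else is denied by default, and every decision is logged for review. The role names, user ids and record id are constructed for illustration.

```python
from dataclasses import dataclass, field
from enum import Flag, auto


class Privilege(Flag):
    NONE = 0
    READ = auto()
    WRITE = auto()


# Assumed role names; the post only specifies the two privilege levels.
ROLE_PRIVILEGES = {
    "treating_clinician": Privilege.READ | Privilege.WRITE,  # 'read/write'
    "medical_researcher": Privilege.READ,                    # 'read only'
}


@dataclass
class AccessController:
    assignments: dict                      # user id -> role name
    audit_log: list = field(default_factory=list)

    def authorize(self, user: str, action: Privilege, record_id: str) -> bool:
        role = self.assignments.get(user)
        # Default deny: unknown users and unlisted roles get no privileges.
        granted = ROLE_PRIVILEGES.get(role, Privilege.NONE)
        allowed = action != Privilege.NONE and (action & granted) == action
        # Every decision is recorded so denied attempts can be reviewed.
        self.audit_log.append((user, role, action.name, record_id, allowed))
        return allowed

    def denied_attempts(self) -> list:
        return [entry for entry in self.audit_log if not entry[4]]


def demo() -> AccessController:
    # Constructed sample users and record id.
    ac = AccessController({
        "dr_jansen": "treating_clinician",
        "phd_devries": "medical_researcher",
        "insurer_analyst": "health_insurer",   # role with no privileges listed
    })
    ac.authorize("dr_jansen", Privilege.WRITE, "dna-profile-0001")
    ac.authorize("phd_devries", Privilege.READ, "dna-profile-0001")
    ac.authorize("phd_devries", Privilege.WRITE, "dna-profile-0001")
    ac.authorize("insurer_analyst", Privilege.READ, "dna-profile-0001")
    ac.authorize("police_unit_7", Privilege.READ, "dna-profile-0001")
    return ac
```

The denied entries returned by `denied_attempts()` are the ones an access review would look at first: a write attempt by a read-only role and reads by parties outside the medical context.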


Furthermore, authentication mechanisms can be employed to ensure the data is coming from or sent to the person or entity it claims to be (Meingast, Roosta, Sastry, 2006). Multi-factor authentication could be used to require users to present more than one item to prove their credentials. In addition, biometrics could be employed to authenticate users by analysing a person’s body (Jain, Bolle, Pankanti, 2006). Finally, laws and regulations should be developed to ensure data safety and privacy. For example, the existing Dutch DNA Testing Convicted Persons Act states that law enforcement is only allowed to use DNA samples of citizens who have committed a criminal offence (Openbaar Ministerie 2015). International guidelines should be designed and expanded in the same manner, based on fair principles that respect citizens’ privacy.

References

Canetti, R., Halevi, S., & Katz, J. (2003, May). A forward-secure public-key encryption scheme. In International Conference on the Theory and Applications of Cryptographic Techniques (pp. 255-271). Springer Berlin Heidelberg.

Coppersmith, D. (1994). The Data Encryption Standard (DES) and its strength against attacks. IBM journal of research and development, 38(3), 243-250.

Het Digitale Landschap 2016, Onderzoeksrapport digitale landschap zorg 2016, Het Digitale Landschap, viewed 14 September 2017, <https://hetdigitalelandschap.nl/zorg/onderzoeksrapport-digitale-landschap-zorg-2016/#download>.

Jain, A., Bolle, R., & Pankanti, S. (Eds.). (2006). Biometrics: personal identification in networked society (Vol. 479). Springer Science & Business Media.

Johnson, P, Martin P, Williams R 2004, Genetic information and crime investigation: social, ethical and public policy aspects of the establishment, expansion and police use of the National DNA Database, Durham University, Durham

Meingast, M., Roosta, T., & Sastry, S. (2006, August). Security and privacy issues with health care information technology. In Engineering in Medicine and Biology Society, 2006. EMBS’06. 28th Annual International Conference of the IEEE (pp. 5453-5458). IEEE.

Nissenbaum, H. (2004). Privacy as contextual integrity. Wash. L. Rev., 79, 119.

Openbaar Ministerie. (2015). DNA Testing Convicted Persons Act. The Hague: Public Prosecution Service. Communication Department.

Schumacher (2017). Cijfers: Vergrijzing en toenemende zorg. Zorg voor Beter.

Voskuil (2014). Zorgpersoneel: verwaarlozing ouderen structureel probleem. Algemeen Dagblad.
