The UK’s Daily Mail reports that UK insurers are proposing to refuse to meet insurance claims when consumers are found to be sharing too much personal information about themselves online.
Of course this has already happened when families have had their homes burgled/ransacked after they (or their teen children) advertised their holiday plans on Facebook etc but I think it’s sadly not going to be long until we hear how patient opinion or Doctor/Hospital rating websites are also being used for such nefarious purposes.
One look on the Patient Feedback pages on NHS Choices and although most are annonymously contributed you immediately get to see plenty of genuine names of patients (it’s so openly accessible even scam websites – like Jerk.com – are obviously scraping these comments threads to make SEO optimised landing pages that you find when you google the names of these individuals) and the clinics they’re registered at. With most patients living within the locality of the GP they’re registered with it’s very easy to find corresponding Facebook profiles that match and it’s probably no suprise (eg. those who are active in authoring public comments on their Doctors performance are typically individuals who who are already active on social networks).
A few clicks and you’ve got an email address. A genuine looking personalised email later (which of course will look like it comes from the Practice Manager at XYZ Clinic – something that’s made easier by many clinics lack of a proper web presence) asking the patient to click a link and you’ve got a virus on their computer and they are the next victim of the UK’s CyberCrime economy (estimated to be valued at a staggering £27 Billion annually).
For a long time Doctors have been voicing their concerns about the potential for the online activities of NHS Choices to undermine patient trust in services and their own privacy and I’ve commented on some of the ridiculous things I’ve seen over the years (eg. the lack of evidence supporting the need for patient ratings, their naivety with regard to patient privacy when they interact with patients within advertiser funded social networking websites, the online broadcasting of waiting room CCTV to help patients gauge waiting times, etc) and while I can understand the reasons that Capita (the private sector firm that since 2008 has managed the Department of Health’s information website with a mission to “develop it into the health service’s digital front door for England”) want to avoid completely anonymous comments (these can reduce the perceived value of comments as they could simply be written by anyone eg a single patient, a staff member, a rival clinic staff member, etc) I wonder what it’s going to take for the regulators to step in and act to mandate that the patient creating this content need anonymity as a safeguard?
Perhaps NHS funded patient opinion and rating services should be scrapped until someone works out how to provide them safely to patients? One way might be by including them as an integral part of a secure patient portal (like the one the NHS recently scrapped or a platform like Microsoft’s HealthVault) where technology can be used to not only manage patient identities reliably but also ensure providers have ways of using this important feedback to learn more about their effectiveness so that they work with their patients more effectively.