Doctors and healthcare centers as well as pharmacists have started using chats these days to get closer to their customers. However, the preservation of these chat discussions of super-sensitive patient medical history may prove a very serious threat to that security.
In the eyes of HIPAA and lawyers for consumers whose data may get accessed, it won’t make much of a difference who said the protected data. They will assume that a retail conversation-in this case, a patient-to-pharmacist conversation-will be protected as well as any sensitive medical data.
To avoid such threat, pharmacists could opt for an approach where live chat retailers will have no access to patient medical records and will instead only react to what the customer chooses to share during the exchange. However, once those customer-shared thoughts are preserved in the chat transcript text file, they can be later accessed.
Some chains like Walgreens are allowing its pharmacists to access full pharmacy histories for all customers, but they’re not supposed to reveal anything until the patient has verified identity by answering questions. According to Walgreens spokesperson Jim Cohn, the live chat sessions are encrypted. But given that the consumer has to be able to read the answers, it’s unclear how secure those communications could be. Even if we assume, however, that they are fully secure, it’s unclear how secure the transcripts of those chat sessions will be.
Whatever be the procedure adopted by the chains, chats are always a threat to patients sensitive medical information as the information stays in the system and could be leaked either through backups, chat transcripts, cyber thefts and search engine spiders. All of the security in the world will be made meaningless by the weak link. If not properly handled, chat transcripts of sensitive discussions might be just that.