Somewhere on the Internet there is a photo of me topless. I’m not a celebrity, and this photo was not taken by paparazzi, an ex-boyfriend, or hackers—it was taken by a medical professional. In 2015, I was diagnosed with breast cancer, which was followed by a mastectomy, and then reconstructive surgery. An attendant in the doctor’s office took before and after photos of me for their records, naked from the waist up. I was told that the photos would not include my head, and would go directly to their database—though this was not comforting when the medical assistant whipped out her personal phone to snap the pictures.
As we’re all well aware, there are far too many ways for photos of this nature to get out of control. If automatic backup or online photo library were turned on, the photos would be automatically copied to the cloud where they could be at risk of being hacked, as happened to iCloud in 2014. Now, I realize that I’m not a celebrity, but this is one example of the sometimes nonchalant attitude towards digital security that is the root cause of many, many breaches.
My topless photos are just one of the many privacy concerns I had while going through the process of diagnosis, treatment, and recovery. During one of my first trips to the hospital, I filled out the required forms. Upon completion, I watched a tech enter my personal data into a nearby computer, and subsequently drop the paper forms into an unmarked cardboard box. Curious, I continued to eye the box, and a little while later, the janitor came by and dumped the contents of the box into the garbage bin, and then into the dumpster. When I asked the office about it, they said that all paperwork was shredded before being disposed of in the public dumpster—but this was obviously not what I had witnessed.
As any survivor will tell you, there are numerous medical professionals involved with breast cancer treatment, and so a lot of paper is passed around. There are laws about personal privacy, such as HIPAA (Health Insurance Portability and Accountability Act) in the U.S., which states what procedures and safeguards must be in place to protect personal healthcare info. But through my experience, I have doubts that any of the doctors’ offices that I went to were fully compliant, so more laws are not the answer. What’s more, it is not just paper medical records to worry about. Everything from large MRI machines to portable medical appliances and even wearable or implantable devices is being connected to the network, and their information digitally transmitted between offices.
Don’t get me wrong, I am a strong proponent of e-medical records. They enable information to be communicated quickly between professionals, which is fantastic for diagnostics and treatment. But through my journey, I observed very few controls on most equipment, making it easy to share, copy, or steal personal information, which is tough for the patient. Lab data, scanning data, hospital records, doctor records, therapy records, blood tests, prescriptions, and photographs of me (and all of the other patients) are floating freely around the system.
Additionally, since breast cancer can arise from environmental or genetic factors, samples are taken for DNA testing. Improvements to genetic testing for common gene variations and mutations, and gene-specific targeted drug therapies are leading areas of breast cancer research. I am HER2 positive, so my entire genome was shared with universities and foundations, and so it is possibly floating around in many other places. While it is not yet completely clear what the risks are of sharing genetic information, it is yet another example of how a cavalier attitude towards personal privacy could have a long-term, negative effect if your data falls into the wrong hands.
What can you do to keep yourself safe? My advice is to take considerable precautions when interacting with the healthcare system. Educate yourself on best practices of personal data security. All of the people I worked with were terrific at their primary jobs, but I wish that everybody was required to have a reasonable amount of security training and awareness. Make it more difficult for unauthorized people to get access to my data, my DNA, and my boobies!