Healthcare providers today need to be able to share and access information in an increasingly connected ecosystem, not just internally, but also with more and more external organizations. For example, in academic settings clinical data needs to be shared by clinicians and researchers. This can include looking at the health outcomes of groups of individuals with the aim of improving health across an entire human population.
Other use cases today require data to be shared between third party service providers, the government, life science companies, and even competitive healthcare providers; add this to medical IoT data from both provider equipment and personal devices and while the ends here sound great, the risks associated with doing this poorly really matter.
The creation of ‘patient centric care’ is, by its very nature, built upon sensitive data integrated from every facet of healthcare – wellness, chronic disease, acute condition care, recovery and post discharge monitoring, health coaching, and care compliance. This means that healthcare providers need to be able to share patient information at the same time as they protect it from privacy and business risks. They need specifically to be able to control what doctors see about patients versus what those responsible for processing payments see about patients. Specifically, they need to ensure that everyone involved in the healthcare ecosystem can perform their duties efficiently, without compromising member patient confidentiality.
With the rise in healthcare IoT and the popularity of fitness apps and wearables, healthcare records are being appended with new forms of data at an unprecedented rate. Historically, walls have been established to protect patient records, but controlling access within increasingly extended healthcare provider ecosystems which include payer partners, life science companies, internal researchers and clinicians, is difficult. Walls are no longer appropriate when healthcare providers are increasingly adopting third-party services and cloud-based big data applications to improve clinical outcomes and communication with partners and patients.
These services and applications matter to patients as well as clinicians. Healthcare providers use third party technology to identify trends in monitored data to predict opportunities for early intervention to prevent epidemics, discover cures to diseases, avoid unnecessary deaths, and reduce costs associated with rising healthcare treatments and an aging population. Healthcare providers using data as evidence to support changes in care paths are increasingly dependent on EMRs and IT systems to communicate critical information to improve medication and care. At the same time, they are concerned about the risks to patients’ privacy.
While chasing the latest medical innovations, healthcare facilities are rapidly learning that caring for patients means having to also protect medical records and technology systems. Healthcare providers, therefore, must keep patient PHI and PII safe from internal and external risks with strong controls. These can prevent data loss, theft and misuse as a consequence of attack or unintentional action. Not only is data theft an issue, but privacy violations also represent a risk to compliance with industry and legislative requirements. Healthcare providers need to ensure they comply with regulatory mandates in order to avoid the stiff fines and lawsuits that result from noncompliance.
Perhaps most importantly though, patient trust can be lost as a result of cyberattacks, which negatively impacts the retention of members who expect their personal information to be secure from theft and privacy violations. For this reason, healthcare providers need to look at data protection as a means to protect and enhance their brand’s reputation as well as eliminate revenue impacting penalties.
In 2015, the healthcare industry was one of the top three industries hit with serious data breaches and major cyberattacks. The reason is obvious – healthcare organizations are rich repositories of exploitable personal information, such as credit card data, email addresses, Social Security numbers, employment details and medical history records, which makes them attractive targets for cyber criminals. IDC’s Health Insights group predicts that 1 in 3 healthcare recipients will be the victim of a medical data breach in 2016, a claim supported by the fact that 89 percent of healthcare organizations have reported at least one data breach and almost as many have reported two or more breaches.
Clearly there is incredible value in creating a unified view of patients by integrating data from a variety of sources and systems to be shared and accessed across hospital departments and the wider healthcare ecosystem. Alleviating the privacy risks associated with assimilating all this patient data requires that organizations proactively protect members’ personal information from re-identification and hackers. What is needed today, is the ability to safely link clinical, operational, and financial patient data without compromising its security, integrity or its usability.
If you’re concerned about the above issues, I’ve recently put together a more detailed look at the difficulties healthcare providers are facing today, as well as approaches to overcome them and you can reach it here: Transforming Healthcare Provider Service with Data-Centric Security – let me know what you think.