Rx for Healthcare Headaches: Data Security

February 8, 2021
Share on:

An industry-defining transformation that saw millions of patient records transferred from analog to digital came on top of huge increases in the amount of data that healthcare organizations were collecting and managing. Now, technological advancements in patient care are creating even more data and causing some severe headaches.

First, there was the new phenomenon of patients wanting to share the data collected from wearable devices that promote exercise and healthy eating—a welcome development in medicine, for sure, but one that suddenly introduced a new layer of data for healthcare providers to cope with.

And there is yet another wave of data surging in healthcare, in response to the global pandemic. Hospitals, healthcare providers, and governments are relying on various types of data to track cases of COVID-19 and get a quick handle on when and where outbreaks could happen. An ability to pinpoint outbreaks enables health officials to better plan medical responses and allows governments to moderate restrictions on business and schooling. Medical researchers, meanwhile, use data to study the underlying makeup of the coronavirus and patients’ reactions to trial vaccines.

At the same time, doctors who shuttered offices or limited appointments as a health precaution have relied largely on telemedicine visits to treat patients, who, in turn, share more data in preparation of those virtual calls and again in post-appointment follow-up communications with their providers. Taken together, all these digital services leave no doubt that data, more than ever, drives outcomes in healthcare.

But with a great appreciation of what medical data can do comes increased responsibility in protecting patient information, which must be kept private and secure at all cost. When a file holding a customer’s credit-card information is breached, damaging as that is, a new card can be issued. There is little remedy for a patient’s medical history getting out into a black market where hackers can make great financial gains selling personally identifiable information (PII) or using the data as a springboard in other scams.  

A New Interest in Data that’s Hard to Quickly Access

Numbers bear out the increase in healthcare data and indicate it will become even more relevant—and voluminous—in the future. Take one example: a Stanford Medicine survey found that 83 percent of physicians believe there is clinical value from data generated by wearable devices. Incidentally, nearly half of the physicians and three-quarters of medical students surveyed by Stanford say they want training to better prepare themselves for healthcare innovations centered on data, such as advanced statistics, genetic counseling, and coding.

Just as the healthcare industry was discovering these and other potential uses of data, it became immediately apparent that data insights can help treat COVID-19. As MedCity News reported, several U.S. hospitals had data engineers create a specialized AI-driven streaming app that uses electronic health record (EHR) data to predict the number of patients who would need ventilators to combat the virus. Meanwhile, a data science team at Cedars-Sinai Medical Center created a machine learning platform to review the forecasting models of COVID cases against expected and current treatment needs of patients to predict capacity, supply demands, and necessary staffing.

Data is informing other efforts to reduce the spread of coronavirus. The University of Washington is developing an analytics model to devise policy recommendations about reopening and closing businesses and schools, as well as how to distribute a vaccine. And the pandemic has encouraged patients to share their personal health data with healthcare providers: 73 percent surveyed by Deloitte said they will do so without reservation. Deloitte attributes the willingness to share as an affirmation that patients accept medical innovations such as telehealth, which because of social distancing is sometimes the only way a patient can see a healthcare professional.

All of these data-driven initiatives, however, include patient and proprietary information that has to be classified as sensitive. That’s worrisome. Unlike businesses in other industries, the healthcare field has a complicated history with data. Hospitals and medical practices rely on several different EHR systems that have complex data-storage and analytics architectures. As PatientEngagementHIT observes, these systems don’t interact and preclude healthcare professionals from collecting and analyzing all the data they need to have a complete picture of a patient’s health.  

Data scientists spend more time freeing data from EHR and less time building innovative models that can improve patient outcomes. They apparently have had enough. Many of them are now leading a charge to create interoperable systems that engender seamless analytics across hospitals, according to PatientEngagementHIT. The key, they say, is to load EHR data into open-source technologies that are built for analytics, such as Apache Spark and Delta Lake. With EHR data flowing smoothly into these technologies, hospitals no longer face longstanding hurdles and can build applications to streamline and automate medical processes based on real-time information. The key will be, of course, keeping this data safe and secure.

Healthcare Innovation is Tied to Data Security

Even once the pandemic subsides, the use of data improve medical treatment and study disease and patient health will continue to make healthcare less reactive and more proactive. But any gains from data-driven initiatives will be tempered if the data itself can’t be protected. Healthcare organizations have to closely follow the stringent expectations of patient privacy that are codified in HIPAA.  

As with any other business, many hospitals and medical practices don’t have the time or sometimes the wherewithal to properly find all of their data and then classify it as sensitive—two critical steps before they can effectively protect it.

Protection of healthcare data is, unquestionably, paramount. Look no further than the recent discovery that governments and companies involved in the distribution of COVID-19 vaccines were targeted by cyber-attackers in a possible attempt to disrupt dispersal of vaccine doses or as a case of intellectual property theft. The healthcare sector was the most targeted industry by hackers in 2019, and that only continued in 2020, with 382 data breaches over a 15-month span that cost organizations more than $2.45 billion.

Healthcare organizations need a data-security platform that can do all of that: unify all of their data by classifying, discovering, and protecting it, no matter where it is—whether it’s in cloud applications and platforms or in on-premises systems—or what’s it doing. A data-security platform that helps them honor the commitments of HIPAA will, in turn, help them advance innovation: wearables and telemedicine visits further strengthening the connection between patient and physician; machine learning to review and align patient histories and medical research; automated programs scanning X-rays and other data.

Healthcare organizations can boldly step forward with digital efforts to improve healthcare and manage costs, as long as they can effectively protect data. There is no other remedy and they have no other choice.