Technology, Data, and Medicine have gone hand in hand for many years, and 2020 delivered the largest funding year for Digital Health to date.
The Patient Data Collection Explosion: Technology has increased the amount of Protected Health Information (PHI) that is collected and shared.
- Wearable devices, Electronic Health Records (EHR), and the Internet of Medical Things (IoMT) have made data the new healthcare currency.
- Chatbots and virtual assistants will increase the collection of healthcare data.
- Healthcare data will experience a compound annual growth rate (CAGR) of 36 percent through 2025.
Medical Data is Valuable to Bad Actors: According to a 2019 Trustwave report, medical/healthcare data is worth exponentially more than financial data such as credit card data.
- Healthcare data contains personally identifiable information that can be used for identity fraud.
- Healthcare data can be used for financial fraud.
- Healthcare data can be used to commit health insurance and Medicare fraud.
The Impact of a Data Breach: Data breaches have a multifaceted impact.
Breaches are costly. According to the IBM 2020 Cost of a Breach Report, the average cost of a data breach is $7.13M, and healthcare breaches are the most costly.
Breaches damage trust in the relationship between patients and healthcare.
- People view data protection as a right – not a privilege.
- The National Committee on Vital and Health Statistics says there are dangers to health privacy interests caused by inappropriate data access, storage, transmission, or analysis.
The Probability of a Breach is High: As the use and value of technology in healthcare continue to rise, the number of interconnected devices grows as well. Data and Electronic Protected Health Information (ePHI) shared across these interconnected devices create more opportunities for bad actors to attack.
- In late October 2020, the FBI and Homeland Security issued a warning to hospitals about an “imminent cybercrime threat to US hospitals and healthcare providers.”
- Healthcare providers have seen a 45% increase in cyber attacks since November, and the healthcare industry accounts for 79% of the attacks in 2020.
HIPAA Was Designed for Yesteryear: The Health Insurance Portability and Accountability Act (HIPAA) was signed into law in 1996.
- HIPAA was created around the same time that the internet was seeing increased use.
- The purpose of HIPAA, when signed, was to help employees transfer their health insurance between jobs.
HIPAA Security Requirements: Under HIPAA, safeguards must be created to protect Protected Health Information (PHI) and Electronic Protected Health Information (ePHI). Healthcare businesses and organizations must develop policies and procedures that include:
- Physical control of the data
- Protections around access to physical data
- Technologies to protect electronic communications
Bridging HIPAA for Data-Driven Healthcare: A recent article in HIPAA Journal summarized the issue well: “The use of technology and data sharing is essential for improving the level of care that can be provided to patients, yet both introduce new risk to the confidentiality, integrity and availability of healthcare data. While policies are being introduced to encourage the use of technology and improve interoperability, it is also essential for cybersecurity measures to be implemented to protect patient data.”
Multiple stakeholders will need to work together to keep the ecosystem safe.
Patients sharing information through unsecured channels while away from home will continue to be a significant risk to privacy. Healthcare providers must educate patients on the importance of only accessing and sharing data on secure devices and internet connections. And patients must implement those practices.
Healthcare Industry leaders must take proactive steps and invest more money to update their technology infrastructure and harden it against cybersecurity threats. According to Fierce Healthcare, only 23% of healthcare organizations have fully deployed security automation tools.
The Government needs to take steps to update HIPAA Regulations. HIPAA must be overhauled to address the framework for protecting patient data in a digitally connected and data-driven healthcare ecosystem.
The Bottom Line: Data improves patient care and outcomes and must have a safe ecosystem that protects healthcare data privacy.