Imagine checking your credit report to find healthcare bills past due and in collection, yet you never ordered or received those services. You’ve been a victim of medical identity theft, most likely from a security breach.
Unfortunately, it doesn’t take much imagination to visualize this scenario. According to a recent survey by Accenture, one in four Americans has experienced a healthcare-related breach, and half of those affected will find out on their own, without any notification from their healthcare providers. Healthcare information is among our most personal and private data, so a breach can have serious personal and financial consequences.
Content patients and revenue depend on trust and security.
The survey found the stakes are high for digital security in healthcare — one quarter of those affected switched healthcare providers because of the breach. According to Accenture, healthcare providers that don’t make cybersecurity a strategic priority will put $305 billion of cumulative lifetime patient revenue at risk in just the next five years. This is more than a threat of regulatory action or bad PR. It’s an existential threat to business. As Accenture says, “You are one breach away from losing a healthcare consumer for life.”
Recent high-profile breaches of hospitals and large health insurers have shown how vulnerable our personal data is. And securing data is not getting easier. Healthcare companies have to worry not only about thefts of financial information, but also the private data in our electronic medical records, on our health insurance IDs, and increasingly, from wearables and medical devices.
Consumers trust medical providers with their data.
Despite these high-profile cases, consumers actually trust their traditional healthcare providers much more than app or device technology companies. 88 percent trust their physicians or other healthcare providers to keep digital health data secure, and 82 percent trust their insurer.
Healthcare companies are taking steps to secure content and information.
Healthcare companies are taking further steps to improve their digital security and defend against attacks. This requires rethinking organizational structure and more fully implementing technology solutions. Most healthcare companies have separate teams and technology stacks running campaigns, analytics, data collection, and so on. Too often, siloed systems do not use the same security standards across teams and technologies, which makes security breaches more likely and harder to detect. When team, technology, and data silos are broken down, data is centrally stored and secured instead of being integrated across systems, and processes like workflows for approvals may be built into the tools. This makes security and regulatory compliance easier and more efficient.
It makes sense. If each internal team is building separate customer-facing interfaces, the added complexity makes it difficult to identify and manage vulnerabilities or security gaps. And if companies are spending precious IT resources on integrating different systems and maintaining those integrations, security can be overlooked. In moving towards a unified digital foundation, make sure you are partnering with a dedicated team of security professionals who will offer alerts and do forensic backups, so you can communicate effectively with your audiences about the security of their data.
Many healthcare companies are also relying on the cloud to improve security. Cloud providers like Microsoft Azure and AWS have HIPAA-compliant services with specific product integrations to address the healthcare industry’s need for information privacy and security. If the cloud provider is HIPAA-compliant, you can sign a business associate agreement with them to transmit and store protected health information and architect solutions that are HIPAA and HITECH compliant. A great benefit of cloud usage is that even small companies, hospitals, or medical groups can benefit from the cloud provider’s compliance obligations for database, application, and network security.
How you can improve security today:
- Elevate the role of security officer in your company. Be sure this person has the authority and staff to secure all aspects of your technology stack.
- Use cloud services for key data and application storage. A cloud provider can be more secure than homegrown IT security for most functions.
- Choose a cloud provider who complies with HIPAA and is committed to remaining compliant.
- Communicate thoughtfully and fully to consumers about any security issues. Accenture found some consumers actually gained trust in their healthcare vendor after a breach if the vendor took immediate action and communicated early and often.
- Begin implementing a cohesive digital foundation that contains unified technology along with the processes and internal structures to help deliver secure digital experiences.
A centralized, robust digital foundation can help healthcare companies mitigate risk and stay in compliance for securing patient data. The stakes are high in healthcare. The more security requirements become standard in the industry, the more secure your digital foundation must be. Let’s use the best technology and processes to create a more secure future for healthcare.
At Adobe, we take security seriously. Read more about our approach to making your data secure in this white paper, and about our HIPAA-compliant services here. To find out more about how we can help healthcare companies, please visit our healthcare industry page. You can also read our new article on data integration challenges in healthcare.