December 14, 2016
Privacy and Security are Key to Enabling Data-driven Healthcare
While the HIMSS Privacy and Security Forum last week in Boston featured a diverse group of healthcare professionals from payers and providers of all sizes, there was one common theme that everyone agreed on.
As Jeff Coughlin, Senior Director of Federal & State Affairs at HIMSS, put it: “IT’s role remains fundamental to a high-functioning healthcare system” in an era when “Americans [are] increasingly engaged in health and technology.”
At the end of my three days learning more about healthcare’s privacy and security challenges, I left with five clear takeaways which I believe will underpin the success of data-driven healthcare organizations in the years to come.
- Compliance is not security
Healthcare organizations must move beyond compliance-based security to a maturity-based model. This means that, rather than checking boxes (like “we’re encrypted”), payers and providers need to continually measure their security efforts and ask: Is it working? Is it providing the protection we expected? Is it providing the protection patients expect?
- Cyber defense is an information management problem, not just a security problem
Healthcare IT should be focused on fostering open, responsible data sharing with a high regard for participant privacy. Security is simply a way to protect personal data within business processes, but privacy can only be achieved in conjunction with best practices and data protection policies that are consistently enforced across every system, enterprise-wide.
- Economics is the key to prioritizing what to defend
Investments in security must be a business decision, not a technology decision. Within an organization, ask: Where is the most value derived from data? Where is data most vulnerable, and where is the most liability created? Then invest in protecting those areas first.
- You can never take your vulnerability to zero
The security model has fundamentally changed as borders have virtually disappeared. With digital disruption, there will always be a point of entry, and these vulnerabilities are only growing as more and more devices connect through the Internet of Things. Applying security to sensitive data itself can ensure it is protected through its entire lifecycle – regardless of where it travels, rests, and is used.
- Maintaining trust in systems is key
Disruptions in care from false information are much more damaging than actually taking down a system. Healthcare organizations must ensure security and access controls are enforced consistently across the entire enterprise in order to maintain trust in their systems and their data.
If you care about the privacy of the patient data that your organization is using to innovate and transform, you can learn more about protecting personal data itself here: For Payers / For Providers