Poor data security hinders healthcare progress, innovation

Progress in the healthcare industry depends on the free flow of information--but with that comes the need to ensure that data is secure, Harry Greenspun, M.D., director of the Deloitte Center for Health Solutions, writes at the Wall Street Journal.

"From lapses in protocols to sophisticated cyberattacks, the public is confronted with exposure on a massive scale," he writes.

As healthcare begins to embrace big data, Greenspun says there are some things to consider:

  1. Healthcare information is in a category all its own compared to other data. A person's personal health data is some of the most sensitive data there is, he writes; compromising that information has far-reaching consequences that can impact patient safety.
  2. Privacy is an individual thing. Some patients may be willing to share data for research or on social media and websites, but they also "fiercely protect other personal health data," Greenspun says. That will cause tensions between patient privacy and data use for the greater good.
  3. Communication is lacking in the industry. "While we have invested heavily in [electronic health records] and health information exchange, we have done little to educate the public whose data may be at risk," he writes.

Greenspun adds that organizations must have a cybersecurity strategy that is "secure, vigilant and resilient." Healthcare providers and payers should perform risk reviews of their information supply chain; include business associates in their security plan, and invest in security programs that have continuous monitoring and updating, he says.

Providers and payers must implement "good health hygiene," according to David Blumenthal, M.D, Commonwealth Fund president, and Deven McGraw, privacy attorney and member of the Office of the National Coordinator for Health IT's Policy Committee. Currently, many do not take simple steps to prevent breaches, including encrypting data, prohibiting use of personal devices for work purposes and properly authenticating users, they wrote in an editorial at the Journal of the American Medical Association.

To learn more:
- read the WSJ post