Payers need to step up their game to protect members' data. This was the consensus during a panel discussion on how to build consumer trust in the big data enterprise at the America's Health Insurance Plans (AHIP) National Health Policy Conference in the District of Columbia Wednesday.
How can payers build a trusting relationship with their members? Take advantage of technology, Brueing said. Instill a dual-goal mindset: Protect the individual and also promote innovation. Big data can help payers assess the risk of their members. If there is a risk, identify and mitigate it.
The obstacle of protecting big data lingers. "We're not quite there yet," said Jim Routh, chief information security officer of Aetna. "Right now, we have the encryption capability to encrypt certain fields that are searchable. Where we're headed is total search based on encrypted data. Hopefully, technology is almost there for searching on encrypted data."
What's now clear, especially after hackers broke into an Anthem database and compromised the personal information of nearly 80 million members, is that binary controls on data--simple usernames and passwords--don't really work.
On the other hand, behavioral information--which payers such as Aetna possess in large quantities--can work as a privacy method. Routh used Aetna's mobile app, iTriage, as an example. The app knows quite a bit about an individual user, and that provides an added layer of protection.
"Think of mobile apps as your privacy officer," Routh said. "We need new, innovative privacy standards in place in order to have a better relationship with our consumers, because technology is well out in front" of what the industry is currently doing.
What's more, in light of the Anthem attack, federal officials plan to review whether HIPAA should require encryption. But when it comes to regulations regarding privacy protection, members don't care if you followed the law, added Brueing. They only care if you protected their information.
"As a payer, you don't want to later say, 'Oh, we've been Anthemed,'" Routh added.