By Dan Bowman
Shaun Greene (pictured right), chief operating officer for Salt Lake City-based Arches Health Plan, tells FierceHealthIT that for health insurers, as well as providers, there is no safe harbor from a data breach.
"My organization has been hypersensitive to the reality we live in and has been very proactive in prevention," Green says. "But we must continually be widening our defenses and staying vigilant. We can't be like the French prior to World War II. They built the Maginot Line in the 1930s to keep the Germans out, but it didn't work."
To widen those defenses, Green--in a prior interview with FierceHealthPayer--suggests layering protections and avoiding the cloud to store data from applications that require strict security standards. He also called for better employee training around privacy and security, and making penetration and application testing a continuous priority.
"Create a culture of security to demonstrate the company's commitment to data security," Green says. "Employees are smart. If they see senior-level executives not taking this seriously, neither will they."
He adds that the goal of Arches is to never be put in a position to have to regain the trust of consumers.
"We are realists and have a cyberliability policy in the event that something happens," he says. "Our policy includes services to resolve all issues around a breach. But our goal is to never make a claim on that policy."
Lisa Gallagher (pictured left), vice president of technology solutions with the Healthcare Information and Management Systems Society, adds that payers, providers and vendors all would be wise to share cybersecurity information with peers in a meaningful way. The Health Information Trust Alliance (HITRUST) last fall started an initiative in which healthcare entities share such information with a goal of speeding up detection and response to threats targeted specifically at the healthcare industry.
"This will take a concerted and focused effort in the industry and also a partnership with government agencies and departments to utilize their resources and law enforcement assets," Gallagher tells FierceHealthIT. "This really is a call to action for a whole new paradigm."