Data security is a major topic across many industries, but it could be argued that there’s no single area of business where it’s more significant than in healthcare.
[Editor’s Note: This article was contributed by freelance writer Anna Johansson.]
The Need for Better Data Security
According to the Sixth Annual Benchmark Study on Privacy & Security of Healthcare Data, data breaches in the industry remain high in terms of volume, cost, and frequency. An astounding 9 out of 10 healthcare organizations involved in the study suffered some sort of data breach within the past two years, while 45% suffered five or more separate data breaches.
“Estimates based on the results of this study suggest that breaches could be costing the healthcare industry a walloping $6.2 billion,” says Dr. Larry Ponemon, chairman and founder of the Ponemon Institute. “The average cost of data breaches for covered entities surveyed is now more than $2.2 million while average cost to business associates in the study is more than $1 million.”
While much is being done to protect the industry’s robust record systems and the valuable data they store, it’s not enough. Cyber criminals are becoming more sophisticated in their methods and there’s a need for greater attention and focus on preventative methods.
How Data Security Can Become a Priority
How can data security be made a bigger priority? That’s what everyone wants to know. Unfortunately, there isn’t one single solution, but there are many ideas and opportunities for strengthening data security in the healthcare system, and they must be taken seriously.
The first important step is to transition from a system of penalization to a system of prevention. Currently, the focus in the healthcare industry is on penalizing organizations for data breaches. There’s nothing inherently wrong with this approach – accountability is a must – but it unnecessarily bogs processes down.
“In our current model of ‘audit and penalize,’ costs and personnel time associated with a protracted investigation can paralyze an organization’s security infrastructure by requiring voluminous data, policy, and procedure requests that detract resources from their normal monitoring, detecting, and mitigating responsibilities,” explains Marc Probst, CIO at Intermountain Healthcare. “Many times, both time and money, which could be used to better protect data, is wasted on inessential efforts.”
Another significant step would be for healthcare organizations to add a new position to the C-suite. Naming a Chief Security Officer, or CSO, with specific security expertise to oversee both physical and cyber security would be a tremendous step forward.
While many argue that a CIO is tasked with information security, the reality is that security is too fluid for a CIO – security responsibilities require specialized training. It’s something that needs to be handed off to experts who have spent years studying security prevention.
“Smaller organizations without the infrastructure or resources to hire a CSO should consider outsourcing the job to a professional services firm that specializes in healthcare security,” expert Alison Diana suggests. This can be done in a surprisingly cost-effective manner and would be worth every penny spent.
The Future of Data Security in Healthcare
It’s unclear what the future holds in terms of data security in the healthcare industry, but this much is known: something must be done soon in order to curb the rate of attacks and the wake of destruction they leave behind. It’ll be interesting to see what sort of technological innovation, legislative policies, and structural changes are used over the course of the next few years to tackle this alarming issue.