As an Emergency Medical Technician and former ER tech, I am amazed by the amount of change that healthcare has undergone. I am not talking about the advances in medicine, though those are certainly impressive. I am referring to the intersection of technology and how it supports many of the healthcare interventions seen in emergency medicine today.
Whereas charting and labs used to be written in doctor or nurse scribble that was barely decipherable to the untrained eye, today everything is digital. Charting starts with EMS in the field and arrives at the receiving facility before the patient ever hits the trauma bay. Orders are written virtually and automatically based on the mechanism of injury (MOI) or nature of illness (NOI), and the doctor simply has to approve or change the recommended orders. Throughout the patient stay, information is gathered and stored, including lab work, cardiac rhythms and even data received from the patient’s bed. It is all assimilated to help determine patient condition and response to treatment. In fact, studies have shown that patient outcomes are improved just based on leveraging technology to capture and synthesize these multiple feeds of health-related data.
Anyone who has spent time in the health field is well aware of the notion of side effects to a treatment. With every medical advance, the possibility exists of an undesired result occurring when treatments or medications are dispensed. It is incumbent on the doctor to inform the patient as to what the side effects may be. When it comes to leveraging technology in healthcare, there may also be side effects which the patient is unaware of until it is too late. Understanding the “side effects” of a technology infusion is critical – and the risk of the inadvertent leak of your healthcare information tops the list.
Many security pundits point to “The Anthem Breach” as a watershed moment where the healthcare industry was forced to come to terms with the fact that patient healthcare data is desired by hackers and is therefore at risk. In fact, Forbes reported that in 2015 alone, nearly 35% of the US population had their private information stolen as a result of a healthcare breach. Given those numbers and borrowing a healthcare term, the issue has reached epidemic proportions. Epidemics generally raise fear in the eyes of the general public, but what has happened now that we have some distance from the Anthem breach? Nothing but a collective yawn. Healthcare organizations have largely not changed the way they safeguard your data; and the only one to blame is YOU!
Organizations, whether in healthcare, industrial supplies, finance, retail or anything else, will generally only make changes when NOT doing so will hit them in the pocketbook. If customers stop buying from an organization due to a security breach, or the organization gets fined for regulatory non-compliance – these same organizations can and do pivot quickly to secure their environment and protect their customers’ data. The fact is, no one buys security because they want to; they do so because they have to.
When it comes to the healthcare industry – customer data is particularly attractive to the hacker given that every stolen record can be resold three times – based on the healthcare, identity, and credit data for each patient. Now that technology in the healthcare field is expanding to include data gleaned from wearables and IoT data feeds, that data becomes that much more sought after by cyber criminals, thus putting you and me as patients at even more risk.
I do not want to give the impression that organizations are NOT doing the right thing for their customers by trying to safeguard their data – but they are not doing everything they can. Implementing the right safeguards should be demanded by individuals and patients like you and me. If we make this a top agenda item and a decision point as to where we seek healthcare, these same healthcare organizations will implement the right security. Security measures such as encryption and rights management ensure that only authorized personnel can view confidential information. If information should fall into the wrong hands due to a breach, it is completely useless because it is encrypted.
The collective yawn and/or acceptance of the inevitable breach does not demonstrate to healthcare organizations that the security of your data is important. Much the same way we carefully evaluate a doctor or healthcare facility as to expertise in treatment and successful patient outcomes, we should also evaluate them on their success in keeping our digital information healthy. Healthcare needs to hear the consumer call that when a healthcare crisis hits, the last thing the patient should have to ask is “Doctor, is my data safe?”