The Importance Of Healthcare Data Security

The Importance Of Healthcare Data Security

Cyberattacks, data breaches, and hacking are key concerns for healthcare executives and a growing problem in the industry. A recent report showed that data breaches were up in 2018, with 503 incidents impacting almost 15.1 million patient records, compared to 477 breaches impacting 5.6 million records in 2017.¹  As hackers get more sophisticated, hospitals need to be increasingly vigilant about their healthcare IT and cybersecurity practices.

Healthcare data security is about more than just regulatory compliance: it needs to be central to a hospital’s ‘patient first’ focus, as it’s critical in maintaining consumer trust and organizational health. 

As anyone who has ever had their financial data stolen can attest, it can be a frustrating, costly, and time-consuming issue to correct. Credit card numbers must be changed, false charges corrected, and checks blocked. But unlike financial data, medical data cannot be corrected. Medical data is personal and can’t be changed or “wiped clean” – once the information is breached, the damage is done. Identity theft, insurance fraud, and extortion are all possibilities after a healthcare data breach, especially when you consider the medical information of CEOs, public figures, and other individuals are key targets for hackers on the black market. 

For hospitals or other healthcare systems, a breach can be financially devastating long-term, too. The service interruptions and potential HIPAA fines sting upfront, but lack of consumer confidence driving patients elsewhere could mean lost revenue for years to come. Overcoming a serious data breach requires extensive image and trust rebuilding in a community, usually in the form of a massive and expensive PR campaign. For these reasons, most hospitals already understand the significant risks involved when handling patient health information – a recent HIMSS survey showed that cybersecurity, privacy, and security are top concerns in healthcare.²

Unfortunately, concern about data security doesn’t always lead to action. 

Despite data security growing in importance, a 2017 Black Book Market Research survey showed that only 15% of organizations reported having a chief information security officer.³  Given the enormous amount of private information hospitals have access to, high employee turnover rates, and the lack of IT leadership, this only adds to the unique challenges healthcare organizations face when implementing cybersecurity measures – many driven by the large number of systems and software vendors that every hospital uses to coordinate care and manage their business. 

The sheer number of disparate IT systems used in healthcare is perhaps unrivaled in any other industry. Every system, every vendor, every connection, and every employee with access and responsibility for transferring sensitive data is a cybersecurity risk. That’s because EMRs and other healthcare interfaces weren’t built to share data – they were built as fortresses to protect the data of patients and to make sure that data was available only within the walls of that system. 

“The ‘walled fortress’ approach to security no longer works,” says Olive Chief Product Officer David Landreman. “Keeping all data within your physical facility is not the end-all of protecting your data, it doesn’t account for human negligence, and it doesn’t make up for a comprehensive approach to security.”

Instead, data must be exchanged seamlessly and securely in order for healthcare organizations to provide better care to people globally, and this can only be achieved through technology.

Technology vendors should be an area of scrutiny for healthcare organizations looking to mitigate risk. 

Implementing data protection strategies and vetting technology vendors thoroughly will enable healthcare organizations to meet regulations and share critical patient data more securely. To limit risk and improve overall IT security strategy, hospitals should perform a security assessment of the vendors they currently use to understand their risk. Every new vendor selection process should weigh security concerns heavily in the evaluation criteria – begin this security evaluation early to ensure your solutions are built with the complexities of your organization in mind.

What happens when a hospital conducts a security assessment and finds that a vendor isn’t measuring up? Hospitals have two real options: put pressure on the company to improve security or switch vendors. As anyone who has switched vendors or implemented new software knows, neither are an easy task. Possible contract cancellation fees, time spent evaluating new solutions, resources spent on re-training employees on new software – it all adds up. 

And what’s the incentive for current vendors to improve security practices if only 10% of their customer base, for instance, needs those security updates – does the cost of potentially losing customers outweigh the cost of upgrading cybersecurity? As mentioned before, switching vendors can be cost-prohibitive, leading many hospitals to stay with current vendors with only vague promises or extended timelines for upgraded security.

Working exclusively with healthcare-specific vendors reduces risk.

When new regulations come out, new medical devices emerge, and new threats develop in healthcare, hospitals need partners that understand their industry-specific needs. Healthcare-only vendors understand the unique challenges facing the industry and will be better positioned to address organizations’ changing needs – especially those around cybersecurity.

 

That’s why at Olive, we’re healthcare first, and healthcare only. 

Unlike other AI solutions on the market, Olive uses her healthcare-specific skills to address common bottlenecks when it comes to automating workflows – most importantly, she does it with unrivaled security measures built for healthcare, working seamlessly within common industry processes and your current IT infrastructure. Instead of adding to your tech stack, Olive helps you run the tools you already have in place more efficiently, handling sensitive data without compromising security, helping to mitigate hospitals’ risk. 

Olive was built from the ground up with the complexities of healthcare data in mind, working seamlessly with the security controls and practices healthcare organizations already have without compromising sensitive health information. We believe industry regulations like HIPAA privacy rules, SOC2 compliance and other bot-related compliance issues should be the least of your team’s worries – we want them focused on more human-like initiatives, like patient care.

Olive automates a variety of healthcare workflows with speed and ease because she was designed to interact with EMRs, insurance portals, and other healthcare applications the same way a human would – only faster, smarter, and more securely. And Olive’s capabilities around industry languages and standards were built specifically for healthcare – that means she’s experienced with HL7 standards (including FHIR), EDI X12 messaging, and more.

Are your current vendors providing the security your organization needs? Contact us today to learn more about how Olive can help your organization limit risk and improve your overall data security.

Sources:

1.https://www.healthcaredive.com/news/data-breaches-compromised-151m-patient-records-last-year/548307/

2.https://www.himss.org/2019-himss-leadership-and-workforce-survey-0

3.https://blackbookmarketresearch.newswire.com/news/84-of-healthcare-organizations-dont-have-a-cybersecurity-leader-as-the-20110145

 

“Will a Robot Take My Job?”: How to talk with your team about Artificial Intelligence

Artificial intelligence is one of the hottest trends in the healthcare industry (and, let’s face it, just about every other industry right now). People have touted it as the cornerstone of the Fourth Industrial Revolution, which might seem exciting to some of us––but to individuals working in repetitive, task-driven roles, this can take on more of an ominous tone. After all, the past Industrial Revolution completely reshaped the workforce and how humans approached their jobs and livelihoods. Can (and will) automation do the same thing, particularly in the healthcare industry?

In our last webinar with HFMA about optimizing the Revenue Cycle using Artificial Intelligence, several attendees asked us how artificial intelligence will impact their teams and if they should plan to downsize if they intend to introduce automation into their organizations. This is a common concern, and one that we hear time and time again at Olive. In order to help you better weather the storm and start a healthy dialogue about automation with your team, here are a few pointers to get you started. 

1. Frame automation as a solution, not a threat. When discussing the potential for automation within your organization, you can take a similar approach with your fellow leadership and with your own team: rather than taking a doomsday approach, start a brainstorm about how automation can free up your team’s bandwidth, and where those individuals can be leveraged in a way that’s more meaningful to the organization as a whole (and to them!). After spending so long stuck in the status quo, this can be a challenge. Be sure to give all stakeholders plenty of context in advance of your conversation; that way, everyone can come prepared and open-minded to engage on the future of the organization.

2. Make your human team feel….well, human. It’s scary and vulnerable to think of technology invalidating your job, so approach the topic with empathy and optimism when talking with your team. Genuinely listen and respond to your team’s apprehensions in a way that makes them feel supported and appreciated. If you treat your team with respect and openness during these initial conversations, they will be less likely to see automation as a threat to their livelihoods, and more as a tool to help them do their jobs even better than before.

3. Keep them involved. No one likes having a major change dropped on them at the last minute, let alone without their input. Once you start talking with automation vendors about potential workflow solutions, keep your team closely involved––after all, they’re your in-house experts! They are closest to the problem and, if involved in the process from the beginning, they can help your workflow automations truly shine. Make sure that they have a direct line to your workflow automation vendors and that they feel a sense of ownership over the automation project.

    1. Artificial intelligence and automation can have an exponential impact on healthcare organizations’ operational efficiency and care delivery. But the first step to achieving that benefit is to gain buy-in from other stakeholders and especially from your own team. By speaking openly, early, and often about the impact it will have––on your entire organization––you can foster a sense of collective ownership and excitement for, not fear of, the future.

    2. 4. Clarify your intentions and expectations for how artificial intelligence will impact your organization. Some leaders do turn to automation in order to downsize their teams–-and in some cases, it’s the ugly reality of what has to happen for their organization to stay in business. But other leaders look to automation as a way to scale and empower their existing workforce to achieve more than ever before. Having a clear stance on this––and understanding why, as a leader, you need to do this for your organization–will make subsequent conversations easier both for you and your team.

    If you’re starting to explore automating part of your healthcare organization, our team is always happy to help you structure these early-level conversations with your team or with other stakeholders. Reach out to us today to learn more.  Start here with us today.