Patient privacy and data security rules have significant implications for the healthcare sector, all the more so as ICT becomes the foundation for enhanced healthcare delivery and innovative healthcare models. With patient data moving online and to the cloud, and disseminated across multiple devices, the opportunities for theft and compromise are clear and present. But what is the present state of healthcare data privacy and security?
Here are some interesting findings of a recent study which covered the current US cyber security landscape in the healthcare industry:
65% of healthcare organisations have no protection services in place for patients whose medical records have been stolen or lost.
It appears as if an increase in cyber threats hasn't served as a strong enough deterrent to healthcare organisations, a majority of whom do not offer any kind of medical identity monitoring and identity restoration service to affected patients. Ironically, the same percentage of healthcare organisations admit that patients whose medical records have been stolen or lost are at a greater risk of medical identity theft.
Many healthcare organisations use an ad hoc risk assessment process
An ad hoc approach to managing and assessing data breaches is never enough to implement appropriate preventive measures and improve the overall outcome of the organisation's data security initiatives. Healthcare organisations in the United States are required by the HIPAA Final Rule to follow a four-factor risk assessment process after each security incident. The study showed that only half of healthcare organisations conducted this assessment, while the rest used either an ad hoc approach or an internal tool/process.
The average cost of a healthcare data breach has been consistent over the past five years
At $2.1 million, the cost of data breaches in the healthcare sector has stayed consistent. The study found that a majority of data breaches involved stolen or lost devices owing to employee negligence. A greater emphasis on employee education and training can lower this number.
Healthcare and the cloud
Cloud adoption has helped the healthcare industry manage data better, decrease capital expenditure, and personalise healthcare. Asia Pacific has been quick to explore innovative healthcare solutions for enhanced patient-centric care.
Healthcare cloud has caught the fancy of CIOs, with the market for software-as-a-service (SaaS) and infrastructure-as-a-service (IaaS) expected to grow at a compound annual growth rate of 22.3% between 2012 and 2018, according to recent research.
With the cloud comes the issue of security, and this is where healthcare IT vendors are finding it difficult to convince CIOs to move to the public or hybrid clouds, as many other industries/sectors have already done.
That explains healthcare's cautious investment in only private clouds. It remains to be seen whether or not the risk-averse attitude to public and hybrid cloud technologies will change in the near future.