Digital Transformation in Healthcare: Addressing Privacy & Security
One positive byproduct of the COVID pandemic was the acceleration of the rate at which digital health innovation progressed in healthcare. Some estimate that healthcare’s digital transformation over the first two months of the pandemic alone was equivalent to two years’ worth pre-pandemic. The pandemic quickly created a demand for a digital transformation that improved interconnectivity between the healthcare provider and the patient. It was necessary to expand telehealth services, remote patient monitoring, digital pharmacies, and other digital tools to keep up with patients’ needs and to provide a positive patient experience. As a result, healthcare introduced the “digital front door.”
The creation and adoption of the digital front door allows patients more interaction and engagement with their wellness and healthcare providers. It satisfies the increased need for patients to be able to use technology to find a doctor, schedule an appointment, request a prescription refill, pay a medical bill, and interact with their physicians. While the pandemic sped the inception of the digital front door, the digital transformation was already underway as the result of the Final Rule of the 21st Century Cures Act, mandating interoperability and giving patients secure access to their health data. This requires vast amounts of patient data to be interconnected in the cloud and across multiple platforms and systems. Thus, while the digital transformation is moving healthcare forward in functionality, it is increasing our vulnerability in terms of data security and patient privacy.
The Digital Front Door’s Impact on Privacy & Security
The digital front door and the tremendous amount of sensitive data exchanged therein dramatically expand the privacy and security attack surface and threat landscape. Keep in mind that medical records and health data are a hacker’s goldmine because medical records are worth as much as $1,000 and healthcare’s digital transformation creates new opportunities for cyberattacks. Healthcare organizations and healthcare IT companies must keep in mind that having access to large amounts of sensitive patient data poses some security risks.
- There was a 55% increase in healthcare data breaches in 2020, and opening the digital front door further increases the likelihood of data being exposed.
- Enforcement for non-compliance with regulations such as HIPAA or GDPR can lead to hefty monetary fines, some in the millions of dollars. In 2020, the Office for Civil Rights (OCR) settled 19 HIPAA violation cases, with fines ranging from $3,500 to $6,850,000.
- Cyberattacks can impact healthcare operations, reputation, and patient safety. For example, in late 2020, the University of Vermont Medical Center (UVMC) experienced a cyberattack that caused them to go almost an entire month without access to medical records and payroll programs. During the first few days of the incident, UVMC had to reschedule surgeries and had to send cancer patients to other providers for radiation treatment. It was estimated that UVMC suffered a loss of $50 million in revenue because of the cyberattack.
Tips for Locking the Digital Front Door
Interoperability and digital transformation are rapidly changing how healthcare data is stored and transmitted. Many healthcare organizations are moving into the cloud and utilizing innovative third-party apps. While this is a huge step forward, there are some considerations for improving your front door’s security and making sure it’s locked.
1. Secure & Continuously Monitor Your Cloud
Digital transformation starts with moving into the cloud, and compliance and security best practices need to be considered. Configure your cloud environment with privacy and security frameworks relevant to healthcare (HIPAA, NIST, GDPR, etc.). Misconfigurations are often caused by human errors and increase the risk of an incident. It is estimated that 19% of data breaches are the result of not properly protecting assets within the cloud environment. Continuous automation can help address gaps caused by human errors.
2. Map Your Attack Surface
How confident are you that all sensitive data is secured? Identify where the data is stored and transmitted and put technical safeguards into place. Do you know who in your organization and what third parties have access to your sensitive data? Insider access is still one of the top causes of breaches and accounted for one out of every five healthcare breaches in 2020. Implement a formal policy for access control and continuously monitor for anomalies. There are a lot of healthcare-specific solutions in the marketplace to automate access control and improve security with your third-party vendors.
3. Develop A People-Centric Security Strategy
Evaluate your users’ risk before a cybercriminal does. Have a security solution in place that provides insight into who is being attacked, how they are being attacked, and if they were deceived by a phishing scam. Educate and create a security-focused culture within your organization and hold users accountable.
4. Have a Zero-Trust Approach
The digital front door is increasing the number of business associates that healthcare partners with, and at the same time digital platforms are integrating with more and more vendors. This increases the amount of sensitive data being transmitted and stored and typically increases the number of users with access to it. Ensure you have the correct capabilities and insight into your digital platforms to control sensitive data. Take note that this is something to consider deeply with APIs due to the significant amount of integration that takes place with third parties. And of course, don’t forget to maintain updated business associate agreements (BAA) with your third parties. This is especially important with your cloud provider since they often don’t guarantee HIPAA compliance without a BAA.
The digital transformation brings endless opportunities of how we can improve healthcare, make it more accessible, and improve patient engagement. Even though the digital front door broadens the privacy and security landscape, it is here to stay and is only in the beginning stage of healthcare’s digital transformation. When building your front door be sure to put privacy and security at the forefront so that you can lock your door to protect your sensitive data from threat actors. Learn more about how to accelerate your digital objectives – secure and compliant – from design time through run time.