Digital health companies are rapidly becoming the new frontline for data security in the healthcare industry. This year alone we have seen almost 100 million health care records breached through the combined cyber security attacks on Anthem (80 million), Premera (11 million) and CareFirst (1.1 million). We are just over halfway through 2015, and the year is already setting a new record for the number of health records breached. But this should not surprise anyone. Analysts had predicted that 2015 could be the year of the healthcare breach. This may be only the beginning, and here are 4 reasons why:
No. 1 The rise of the Digital Health Economy
No. 2 The digitization of healthcare
No. 3 Linens & Things – the new Business Associate
No. 4 The value of health data
Reason No. 1 The rise of the Digital Health Economy
The way healthcare is being delivered is changing! We can now choose our doctor and book appointments online, register ourselves and complete our HIPAA disclosures via a mobile tablet, and receive discharge instructions and care via a mobile app. All while being tracked by a wearable device, talking to the cloud. These new services and applications are being provided by a growing number of innovative new players entering the market.
According to Start Up Health, in 2014, $6.5 billion was invested in Digital Health and there are more than 7000 Digital Health companies competing to provide the healthcare industry with innovative mobile and cloud-based solutions.
These digital health vendors are providing the services and applications we, as patients, want to use. However, most are small tech companies with 10, 50 or at most a couple of hundred employees. If a major health system or health plan, with thousands of IT professionals and a multimillion-dollar IT budget, can face a breach, what chance do these smaller companies have? Many have already achieved notable success and are deployed by leading hospital systems. So what happens when one of them, with access to the patient data for the top 10 health systems, gets hacked? It could make the Anthem breach look small.
Reason No. 2 The digitization of healthcare
Over the past 10 years, the government has been providing incentives to hospitals, clinics and other providers to implement Electronic Health Records. While many of the largest medical institutions already maintained electronic records, “Meaningful Use”, introduced as part of the Affordable Care Act, has driven them to implement more efficient ways to share this information. Medium-sized and smaller providers are following their lead and making this conversion. The number of U.S. physicians now using electronic medical records has grown to more than 90%, compared to less than 10% only a decade ago. Even in the age of the Internet, this is an exceptional transformation. While the data has gone digital, most of those physician practices do not have the technical skills to manage it. For many, it was not so long ago that securing patient data meant locking a filing cabinet at the end of the day. Now their entire patient list is online. Without the right protection in place, it is an easy game for any reasonably smart hacker.
In Part 2 I will continue with the 4 reasons why digital health companies are rapidly becoming the new frontline for data security in the healthcare industry.