Protecting patient data now demands innovative health care technology solutions.
Data breaches of private health care information are an ever-looming threat in today’s digitized world. An article published in the World Economic Forum in December 2023 described data breaches as a “global concern with far-reaching consequences that extend well beyond the headlines.” These ramifications include privacy compromise, identity theft, fraud and expensive lawsuits, among other issues.
So how do you maintain patient data security in the current health care environment, in which medical information is invariably shared electronically?
Robert Downing, CEO of Premier Health, a management services organization that provides medical billing, credentialing, IT support and consulting services, said data breaches are a constant concern in the health care world. “It’s an everyday battle. If you think you can take your foot off the pedal, you’re going to lose.”
Downing has worked for companies that have suffered major data security breaches that resulted in millions of dollars in losses. “It’s a cost that’s burdening health care companies,” he stated.
In 2023, 725 data breaches were reported, exposing more than 133 million patient records, setting a new high for the most breaches and most breached records – levels previously reached in 2021 and 2022, respectively.
The most common defense the health care industry employs to safeguard private information against this onslaught of cyber attacks is a multilayered approach, running two or three different types of software simultaneously. “If it gets through the first layer, there is a second layer to protect the data,” Downing explained.
Blockchain as part of the answer
What about Blockchain, an emerging technology already in use in other fields? A digital database that securely stores records, it is best known for its use in cryptocurrency platforms such as bitcoin. It works by storing data or information in blocks connected through cryptography. Blockchain’s primary application has been recording digital transactions, but some health care facilities are using it for medical records and to secure patient information.
While maybe not the answer to maintaining patient security, it’s part of an answer, said Downing: “It is a helpful tool to get there.”
While Premier Health has no medical clients that use it for data protection, his understanding is that Blockchain decentralizes control of the data process, “which is a good thing.” He added that there are public blockchains, but health care would want to utilize private blockchains to handle sensitive patient data since the transparency public versions provide could undermine efforts to store private information.
The World Economic Forum stated that Blockchain’s decentralized network of distributing data allows health care organizations to “greatly reduce the risk of data loss by removing a single point of failure,” and touts its cryptographic algorithm for securing data as unbreachable.
However, Blockchain in health care remains in its fledgling stages in terms of evaluating its potential applications. According to the Healthcare Information and Management Systems Society, a nonprofit promoting the effective use of IT in health care, while Blockchain technology shows promise, it still has its drawbacks. It relies on the “validity of transactions,” and, as HIMSS noted, “not all health care activity is transaction-based, and not all health care transactions may be appropriate for the technology.”
“I don’t know how it’s going to work in the real world yet,” Downing acknowledged.
While Blockchain’s future in health care is uncertain, what is clear is that the health care industry has continually had to adapt as hacking has grown in sophistication. Years ago, health care companies used in-house IT staff to address cybersecurity issues, but now they are hiring large third-party firms to monitor security threats and provide data security protection, said Downing.
Big clients such as hospital systems have multiple systems protecting their data. The various layers of safeguards are warranted for these large hospital systems, according to Downing. “Basically, almost every day there are attempted data breaches,” he said.
Balancing data sharing with security
Sharing electronic medical records among providers is necessary, so how can health care facilities balance the need for exchanging protected health information with the risks of data breaches?
The most common approach from big hospitals is using direct EMR messaging rather than traditional emails or faxing, said Downing.
Additionally, most health care entities have transitioned from using server-based systems for storing EMRs to cloud-based platforms such as Athenahealth, which provide a stronger barrier of protection against data breaches. Many past breaches occurred because hackers accessed servers, but the shift to the cloud over the past five years makes it much more difficult, Downing stated. Small practices are still struggling though, because sophisticated data protection systems can require milliondollar expenditures that not all can afford to implement.
While some progress has been made in bolstering patient data security, as Downing related, when it comes to protecting private medical information, the health care industry can never get complacent, because the next major cybersecurity threat is always imminent.
Additional sources: The HIPAA Journal, hipaajournal.com/healthcare-data-breach-statistics/; HIMSS, gkc.himss.org/resources/blockchain-healthcare; World Economic Forum, weforum.org/stories/2023/12/healthcare-data-breaches-blockchain-cybersecurity.
By Colin McCandless
