The healthcare industry has been subject to a paradigm shift when it comes to managing confidential patient data. The digitization of health information, which was initially driven by the HITECH Act of 2009, has provided a number of benefits, such as more efficient access and storage, fewer employees needed to manage the records, and greater accuracy and readability. However, it also comes with a number of challenges that need to be addressed.
There has been an increase in demand for patients to be able to access their records via web/mobile applications, as well as an increase in the adoption of connected medical devices. As you might expect, having sensitive data stored on more devices, at different locations, and exposed to more people, will greatly increase the chances of a data breach.
Given that over 90% of healthcare organizations have experienced a data breach since 2016, it is clear that providers need to do a lot more to protect their patients’ data, but what? Below are 4 predictions about the data security trends we are likely to see in 2019.
1. Greater Interoperability Between EMR Vendors
Data interoperability in healthcare is a bit of a mess, to say the least. The average US healthcare system uses 16 different EMR vendors, which makes it very difficult for providers to keep track of what data they store, and how that data is being accessed.
This in turn makes it difficult for providers to keep their data out of the wrong hands. We expect to see greater initiatives to improve interoperability between EMR vendors. Vendors may be required to cooperate with each other to ensure that health information can be easily audited, and securely shared between platforms.
2. More Data Protection Regulations Will Be Introduced
US healthcare providers are already well acquainted with HIPAA, PCI-DSS, and various others. In May last year, the General Data Protection Regulation (GDPR) was introduced to give data subjects more rights over their data; it also has a shorter timeframe for data breach notifications than HIPAA.
Following the GDPR, the California Consumer Privacy Act (CCPA) was introduced, which, like the GDPR, gives data subjects elevated rights. We will likely see new regulations introduced that focus on the storage and processing of EHRs and facilitate better interoperability between EHR vendors.
3. The Use of AI to Improve Both Data Security and Patient Care
Given the limited resources available to providers, not to mention the general shortage of security professionals, we will inevitably see an increase in the use of AI to automate as many security operations as possible.
AI can be used to identify anomalies and assign them a score based on their potential threat level, thus enabling security teams to better prioritise the threats that need to be addressed. However, AI can be used for many other purposes, such as finding unstructured notes in clinical records, transcribing conversations (even when there are multiple speakers), helping radiologists scan X-rays for abnormalities, and much more.
4. Insider Threats Will Continue to Plague Healthcare
Healthcare providers employ large numbers of people, store vast amounts of sensitive patient data and typically operate on a tight budget, which makes them particularly prone to insider threats. In fact, according to a Verizon report, healthcare is the only industry where insider threats outnumbered external threats.
As already mentioned in the first prediction, poor interoperability between EHR vendors makes it difficult for providers to keep track of where their sensitive data resides, who is accessing/sharing it, and how. Providers are beginning to realize that good security starts with data! If they are not able to detect, alert, report and respond to suspicious events concerning their data, they will not be able to mitigate insider threats.