The new wave of digitizing medical records has seen a paradigm shift in the healthcare industry. The ability to store patient records and research has meant the healthcare industry is witnessing a huge increase in the volume of data. As healthcare providers and insurance companies look for every feasible way to lower costs, and improve the delivery of care, the promise of big data is set to transform the industry from reactive to proactive. But there are still some concerns. Cybersecurity issues and patient privacy are potential complications that the health industry must solve if they want to take advantage of the benefits big data can provide.
Healthcare data, especially on the clinical side, has a long shelf life. Providers are legally required to keep patient data accessible for at least six years. But they may also wish to make use of de-identified datasets for research purposes. Data may also be reused or re-examined for quality measurement or performance benchmarking.
Despite the advantages big data brings to the healthcare industry, unauthorized disclosure of patients’ private health information remains a serious issue. Data breaches cost the industry somewhere around six billion dollars annually, and some statistics have the number of data breaches per year pinned at close to 50,000. A survey from the Ponemon institute found that ninety-seven percent of the healthcare organizations reported suffering a data breach within the previous two years. Causes for breaches range from lost and stolen equipment, to employee mistakes. But experts say it’s a trend that will continue as big data and the healthcare industry become more intertwined.
It’s understandable that data security has become a high-level priority for healthcare organizations, and with the number of hacks and breaches we’ve seen in 2017, it’s obvious that healthcare data is subject to an enormous range of vulnerabilities.
Doctors and clinic staff rarely think about where the data they access is being stored. As the volume of healthcare data grows exponentially, some providers find themselves unable to manage the costs and impacts of on premise data centres. Outsourcing services like medical billing to a dedicated company with its own secure servers and a security and risk team to manage them, is one way to provide patients with the peace of mind that their personal data is secure and safe.
Breaches in data security aren’t the only concern, however.
The practice of sharing patients ‘encrypted’ data for the purposes of research and clinical trials is not without its dangers.
2.9 million Australians recently had their private ‘encrypted’ health data pulled from the web after a report from the University of Melbourne showed that patients could be re-identified through a process as simple as linking the encrypted parts of the record with known information about the individual such as medical procedures they’ve undertaken, and year of birth. The researchers identified several high-profile Australians this way, including three Members of Parliament and a prominent Australian footballer. According to the report, this highlights the privacy risk inherent in sharing patient data, and illustrates the ways de-identification practices can fall short.
However, it gets into their hands, once cyber criminals have access to patient data, it can be used for malicious intent, and when we’re talking about data that doesn’t expire, such as social security numbers or dates of birth, it can be used repeatedly.
Generally medical records that are stolen are resold on the dark web, as either a complete record, or in piecemeal portions. And they sell for several times the amount that a stolen credit card number or a social security number does. This is because Cybercriminals can pick and choose what they want from the various parts of a patient’s record. This includes medical histories, test results, methods of payment, home addresses, credit card numbers, and birthdates, just to name a few.
Thieves can then can use the information from stolen electronic records to receive medical care, file fake insurance claims or gain access to prescription drugs. They can exploit identifiable data to obtain credit or take out loans, or even forge official government issued documents like passports.
The growing Internet of Things and the prevalence of tracking apps and wearable devices also pose security risks. The privacy safeguards for the consumer are basically non-existent. With the end-users themselves having little control over the use and distribution of the data gathered by these devices. And these types of devices are only going to become more wide-spread.
Blockchain has been heralded as one of the potential saviours of security in the healthcare industry. With some experts suggesting it has the potential to both keep health data private and secure, and reap the benefits of wearables and other connected medical devices. Because it doesn’t have a centralized point for hackers to attack, it provides an additional layer of security against the threat of a breach.
But the truth is big data for healthcare is largely uncharted territory, and the health sector has lagged behind other industries when it comes to making cybersecurity a priority. As big data continues to impact the way health care is provided, the industry is going to need to begin adopting strategies and practices to keep patients data private.