What’s the Greatest Business Challenge in the Healthcare Industry?

Health care HIPAA - Dynamic Quest

[extra-space 40]

Businesses in the healthcare industry are more than acquainted with HIPPA, the acronym for the Health Insurance Portability and Accountability Act passed by congress 20 years ago. One of the act’s most important requirements is the safety and confidential handling of protected health information. And now that nearly all patient information exists in the digital ether, cyber security has become one of the healthcare industry’s greatest concerns.

Forbes Insights recently surveyed healthcare executives about these concerns. Their findings were astonishing: 80{61194e7afa0946242429d3457858805d5d8e9f1e3c2fa6ff4cb841084e122ca3} admitted that their information technology had been comprised by cyber-attacks. And while this may seem shocking to those outside of the healthcare and IT industries, you won’t find much surprise on our faces. Businesses inside the healthcare industry constantly face an increased risk of cyber attack—not because they aren’t prepared, but because of the volume of unique information that health plans, doctors, and other providers handle.

Digital patient records and automated clinical systems make for rich targets in the world of cybercrime precisely because the price of such data on the black market has skyrocketed the last several years. Legendary investor Ann Winblad said in a CNBC interview that “data is the new oil.” Such comparisons communicate the value placed on protected information in a big way. It follows that healthcare organizations must take strides, not steps, to protect their information.

There are unique risks to healthcare businesses that may not exist in other industries. For instance, regulatory statutes such as HIPPA and HITECH add an element of liability enforced by government agencies, and heavy dependence on outsourced service providers like payment processing and lab testing add to information transfer risks. Associated with each transmission are both Personally Identifiable Information (PII) and Protected Health Information (PHI). Because healthcare has a complex chain of liability—from providers, to payers, to third part administrators—there are multiple points of access for a cyber attack.

Michael Ebert, a KPMG partner and healthcare leader at the firm’s Cyber Practice, has vividly observed the increased cyber security threat to confidential patient information. He sees overconfidence among healthcare providers and payers who consider themselves prepared for defense against a cyber-attack, and believes a large percentage of the organizations are underreporting. “They are probably compromised and don’t even know it,” Ebert says, citing the quarter of Forbes respondents who say they don’t have or don’t know their capabilities to detect if their organization’s systems are at currently at risk. Industry exposure to cyber threats is only expected to grow.

Because healthcare is a matter of national security, these threats are not simply a technical issue, but a business and governance challenge that involves risk management, reporting, and accountability. Effective security is not a passive enterprise; it requires active involvement of executives to assess emerging threats and organizations’ responses to them. Only a well prepared and properly coordinated cyber security team can provide the necessary awareness and capabilities to handle threats at all levels. Even more, cyber security must be incorporated in a company’s technology and network architecture upfront, and by strategic design. They must ensure that the investments in security are part of a cohesive, coordinated digital strategy.

Organizations required to enforce HIPPA must take active, appropriate steps to secure their data from cyber attacks. For a risk assessment of your business—healthcare or otherwise—consult with an expert at Dynamic Quest. We also offer Business Consulting services to evaluate your organization’s preparedness and ability to react to these threats when they arrive. As always, we’re happy to have new partners on board, but indisputably recommend a serious look at the status of your cybersecurity—especially for those in the healthcare industry. Stay safe out there.