Getty Images/iStockphoto
Could Patient Privacy Awareness Drive Health IT Innovation in 2020?
Egress CEO shares how as patients are growing increasingly aware of their HIPAA privacy rights, providers are beginning to challenge legacy ways of tech delivery to drive health IT innovation.
The past year in health IT security was one of the worst seen in recent years, with multiple breaches each impacting several millions of patients. Patients are also growing increasingly aware of their data privacy rights through HIPAA and, in response, filed lawsuits after many of those privacy breaches.
As the need for health IT innovation increases in healthcare, providers must also change how they approach security in 2020 to keep pace with increasingly sophisticated threat landscape. Egress Chief Executive Officer Tony Pepper shared with HealthITSecurity.com just how innovation and awareness will impact those security decisions in the coming year.
2019 has been one of the most disruptive in terms of cyberattacks, big breaches, and a host of disruptive ransomware attacks. From what you’re seeing, what are the overlying themes from 2019 – and is healthcare learning its lesson?
Healthcare will always be one of the top industries for data breaches, simply because of the nature of the data they collect, process, and share, as well as the services they provide. This makes healthcare an attractive target for cybercriminals and means employee errors when handling data are often more severe. So, it seems almost inevitable that data breach claims reached into the multi-millions in 2019; Inevitable, but no longer acceptable.
Hyper-awareness about data privacy amongst patients combined with compliance requirements—including HIPAA—rightly means there are no hiding places left for organizations when it comes to their security practices. Yes, many organizations have had to “learn their lesson” the hard way both financially and reputation-wise, but companies now also understand that taking proactive steps will protect them before it’s too late.In response, over the last year we’ve seen healthcare organizations begin to challenge legacy ways of delivering technology, and instead look to innovative solutions to solve today’s pain points. The most impactful solutions preserve patient privacy and make it easier for healthcare providers to seamlessly and securely access and share information.
Will these trends continue – or perhaps worsen – in 2020? What do you see on the horizon for the coming year?
In 2020, I believe we’re going to continue to see increased awareness of data breaches from patients, which will create further pressure on healthcare organizations to protect their data and comply with legislation. This can only happen effectively if healthcare looks to the right technology to ensure patient data is secure.
Static technologies are showing their limitations because they can’t evolve fast enough to meet newer threats—for example, sophisticated impersonation-based phishing attacks—and they aren’t flexible enough to detect and respond if people behave abnormally or unpredictably. The only way to turn the tide on data privacy breaches will be for organizations to invest in new technologies that are dynamic and responsive, such as those leveraging contextual machine learning. These technologies understand when people are not behaving as predicted and flag that behavior in real time either to the individuals themselves to prevent mistakes, or to relevant security personnel to stop malicious behavior in its tracks.
Do you expect there will be any regulatory changes or movement on federal privacy legislation?
There will continue to be pressure for a federal privacy law, which would supplant state and industry regulations to create a unified privacy law. For now, in 2020, we’ll probably continue to see the wave of state-level legislation moving forward, lobbied, and—frequently—passed.
For example, the California Consumer Privacy Act is now officially in effect, with Colorado and New York following suit. One important part of CCPA and other pending legislation is the right for consumers (and by extension patients of for-profit healthcare companies) to access the data an organization holds on them. This means healthcare organizations need to be able to track where data is going within the continuum of care and ensure information sharing is compliant. States such as North Carolina are also tackling the issue of what happens when a breach does occur through the proposal of a 30-day breach notification bill to create more public awareness.
This patchwork of state-level laws and industry legislation demonstrates the emphasis rightly put on protecting citizens’ data. However, whether it’s a sustainable, long-term way forward or whether it’s possible to implement an extensive federal legislation remains open to much debate.
As Microsoft ends support for Windows 7 in January, what will be the result of failing to patch or transition into newer systems?
As with any technology, failing to patch or upgrade systems can expose organizations to risk because they are no longer able to take advantage of security updates. The impact of older systems on security can be seen in the 2017 WannaCry data breach, which brought numerous healthcare services to a halt and effected 26 million NHS patients across the UK (approximately 40 percent of the country’s population).
The best recommendation is to keep software up-to-date and to upgrade once support for products become obsolete. While there is always some financial cost to do so, in healthcare the impact of a breach can be far more devastating for patients and providers.
The transition of these processes also offers both risk and opportunity. The risk lies in ensuring newer systems are deployed correctly and have robust security protocols in place, while the overarching opportunity is to improve efficiency and security.
Overall, the healthcare sector faces quite an uphill battle when it comes to cybersecurity given its unique challenges, such as an ever-increasing list of endpoints. From your perspective, what are some of healthcare’s greatest challenges – and how do we begin to move the needle on shoring up vulnerabilities?
As new threats evolve, healthcare organizations have never faced a more complex security landscape. However, we’re in an exciting time because security technology is also evolving at pace to help protect data, and we have a unique opportunity to improve security to an extent we haven’t been able to before. For instance, using technologies such as contextual machine learning, we are now better able to take into account individual human actions and adapt systems to protect individual users. Those organizations that remain open to innovation will take advantage of security technologies to ensure they are protecting themselves and their patients.