6 ways hospitals can ease patients’ fears about security threats

Data and technology have become integral parts of healthcare. They work together to offer physicians a timely and precise glimpse into patients' personal health.

They allow physicians to consult with patients and fellow doctors around the globe. They allow medical records to be transferred and accessed with the touch of a button. But they also make patients — and healthcare facilities — vulnerable to cyberattacks.

New data breaches are making headlines every few days, affecting thousands (if not millions) of American consumers. And the latest trend of cybercriminals stealing personal information from insurance companies and healthcare facilities has consumers more concerned than ever. It's no wonder patient trust in healthcare security standards has taken a major hit.

If not improved, this distrust can have a significant impact on an organization's bottom line and, ultimately, its long-term success. Because healthcare isn't parting ways with data and technology anytime soon, it's vital for facilities to find other ways to improve hospital-patient relations and calm the fears of their concerned patients.

Where the data revolution and security collide

Technological advancements and data breaches practically go hand in hand. While technology becomes more intuitive and practical, personal information becomes more vulnerable and valuable. And no one is storing more personal information than doctors, hospitals, and other healthcare facilities.

In early 2014, the FBI sent private messages to healthcare facilities, warning that they were particularly vulnerable to cyberattacks due to lenient security measures and the increasing value of personal health information on the black market. This message forewarned what has and will continue to be a growing concern in data security.

Last year alone, the healthcare industry suffered 322 data breaches, accounting for nearly half of all incidents in 2014. One major breach was through Community Health Systems — a network of 206 hospitals spread throughout the U.S. — where 4.5 million names and Social Security numbers were stolen. Earlier this year, Anthem suffered a massive data breach that could affect as many as 80 million customers.

So what makes the healthcare industry such a desirable target for cybercriminals? The answer is simple: accessibility. Facilities are gathering and housing more data than ever before. And the security standards and infrastructures of most organizations aren't keeping pace. The growing popularity of medical gadgets, healthcare apps, and electronic health records are further contributing to this data vulnerability issue because they're often improperly monitored and secured. In many cases, data is still just too accessible to outside sources.

The harmful effects of security concerns

Typical data breaches are scary enough, but when confidential health records are compromised, it's an invasion of privacy on a whole new level. Suddenly, consumers are also concerned about their identity being stolen, personal information being viewed by strangers, and private medical conditions going public.

That's exactly why patients are beginning to give serious consideration to the reliability of their healthcare providers' data security infrastructures. In one survey, 76 percent of consumers reported being worried about the safety of their medical data. Another recent survey revealed that only 43 percent of surveyed patients thought their healthcare providers were adequately protecting patients' electronic information.

This lack of trust can have huge consequences for healthcare providers. For one, it can make doctor-patient communication even more difficult. Fifty-six percent of surveyed consumers reported that their privacy and security concerns would determine whether they "tell their doctors everything." In a field where communication really can be a matter of life or death, trust and honesty are vital.

The level of trust patients have in a healthcare facility can also directly affect the organization's bottom line. Patients aren't willing to hand their private information over to just anybody; they must feel like the facility is secure and the workers there are trustworthy. If there's any doubt about an organization's level of security, patients will look for a different care provider. Data breaches and even small slipups can generate enough bad press to send potential patients — and their money — straight to competitors.

Luckily, healthcare facilities can combat declining trust by establishing an organization-wide policy of transparency and open communication. Transparency helps eliminate the unknown elements of healthcare that cause existing and potential patients great concern. It helps patients understand the measures that are in place to protect them and their data, putting their minds at ease. And transparency empowers patients to talk openly about their health and ask questions about how their data is being used, stored, and protected.

But there's more to becoming a transparent organization than sharing the news during consultations or sending out a few newsletters. It requires facility administrators and staff to implement a series of changes that inform patients that their data is being protected and to actually protect it.

Boost patient confidence in your facility

Healthcare facilities are challenged with not only securing the growing amounts of data collected every day, but also reassuring patients that their data is safe. To achieve both goals, administrators need to:

1. Become a transparent organization. For patients to feel more confident in sharing personal information, they must understand the purposes behind data collection. Be open about the following data practices:

- Why patient data is being collected
- How it's being used to improve patient health
- What's done with information after it's collected — specifically, where it's housed, how long it's kept, who has access to it, and whether patients can access it themselves
- What's being done to keep up with changes in data, technology, and security

2. Communicate security measures to patients. Getting more patients on board with various data gathering and analyzing methods like EHRs takes more than a signature on a waiver. Patients should also be informed of the security practices that are in place to protect their information. Let patients ask questions or voice concerns. Respond with reassurance, and explain the ways these technologies not only help healthcare professionals, but also benefit patients by improving the overall quality of care.

3. Emphasize employee education. An organization is only as secure as its weakest link, which is why employees are often involved in data breaches. Employee education should always be a major part of transparency and security improvements. Personnel should not only understand which types of information to protect, but also why and how to protect it. Emphasize ways to avoid employee-targeted attacks — like phishing and social engineering, for example — so employees don't fall victim to scams.

4. Establish strict behavioral policies for personnel. Set up policies for privacy safeguards, security safeguards, and password management to help personnel remember to protect patient and hospital data at all times. Outline rules for keeping confidential information and records from being leaked, sharing or posting staff user IDs or passwords, keeping devices safe from both physical criminals and cybercriminals, and creating complex passwords. Then, establish disciplinary actions for repeat infractions.

5. Invest in new security measures. Because technology and security are constantly evolving, hospital infrastructures should be, too. Test new technologies that limit the damage of attacks — like those that segregate networks — and adopt what works best. Secure wireless networks to protect from hackers, encrypt portable devices so data won't be accessible if devices are lost or stolen, and replace outdated technology with more modern, secure versions.

6. Develop data security and breach response policies. Having policies in place will ensure that everyone throughout the organization is on the same page about security standards. The policy should cover things like mandates for the deletion of patient and organization information, audits of stored information, and the process for vetting third-party vendors. It should also outline a plan of action in the event that a data breach does occur, highlighting how each department should respond to minimize damages.

Administrators at hospitals and other healthcare facilities are still learning how to grow and adapt to the data revolution. It's taken a while — and a number of high-profile data breaches — but most are finally beginning to recognize the value that data brings to an organization and how important it is to protect patient information. That's why now is the time for organizations to rebuild consumer trust by focusing on making data secure and security practices transparent.

Asha Saxena is the president and CEO of Future Technologies Inc., a data management and analytics firm. FTI's healthcare analytics dashboard, FTI CATALYST, helps create operational efficiency for executive management through a pre-built data model. 

The views, opinions and positions expressed within these guest posts are those of the author alone and do not represent those of Becker's Hospital Review/Becker's Healthcare. The accuracy, completeness and validity of any statements made within this article are not guaranteed. We accept no liability for any errors, omissions or representations. The copyright of this content belongs to the author and any liability with regards to infringement of intellectual property rights remains with them.

© Copyright ASC COMMUNICATIONS 2018. Interested in LINKING to or REPRINTING this content? View our policies by clicking here.

 

Top 40 Articles from the Past 6 Months