Healthcare organizations are doing everything they can to modernize and digitally transform their organizations, but by many accounts, healthcare remains a laggard when it comes to digitization. And as a recent PwC report reads, “The question for 2020 will be whether this digital transformation will benefit consumers—marking a new dawn for the US health industry and for the people whose lives depend on it.”
What could the obstacles be toward reaching that goal?
According to PwC’s “Data Trust Pulse Survey,” conducted earlier this year, the hurdles to success include poor data reliability (34%), data protection and privacy regulations (33%), an inability to adequately protect and secure data (32%), and a lack of analytical talent (30%).
PwC’s Health Research Institute executive survey, conducted in September, with results published in the Top health industry issues of 2020: Will digital start to show an ROI? Had even more stark findings when it came to security: 94% of payer executives, 85% of provider executives, and 75% of pharmaceutical/life sciences executives.
PwC found third-party providers to be of significant cybersecurity and privacy concerns. Primarily, according to PwC, their limited internal capabilities, lack of data science talent, and their heavy reliance on outsourcing. Organizations should start treating their value-chain much the same way banks do. “These relationships help drive efficiencies, but they also leave data open to breaches. In the same way that banks require their vendors to meet specific security compliance measures, so, too, should companies require— and audit— adherence to security standards. Contracts should also require vendors to alert a company to any data breaches promptly, and companies should have retainer agreements in place with cybersecurity firms to respond if an event is found to have taken place,” the study said.
And the consultancy warned established healthcare players to be wary of the security and privacy chops of new consumer entrants. “Know that privacy and security regulations vary for business partners. Some nontraditional health companies and new entrants—such as companies offering patient portals or direct to consumer applications—are not bound by the same privacy and security regulations standards that are outlined in the Health Insurance Portability and Accountability Act. This can lead to the use of individuals’ data, such as for marketing purposes or sale, without their consent,” the report said.
The upcoming year holds significant promise for healthcare innovation and digital transformation. But it's also fraught with risk as digital healthcare technology opens and expands. Healthcare providers and payers are going to have to make certain that they have risk mitigation strategies in place that scale so that they can avoid costly – yet preventable – data breaches and regulatory compliance violations.
Unfortunately, as we covered in Surprise: Healthcare Organizations Confident in Their Cybersecurity Efforts, the report from risk management services provider LexisNexis Risk Solutions found that healthcare organizations have a very high level of confidence when it comes to their perceived preparedness. Paradoxically, most of those surveyed had only basic user authentication methods in place. So before the industry tackles the challenge before it, it may have some more data breach hits to take.