As 2019 launches, the word cybersecurity is everywhere. There’s security around medical devices, telemedicine, IT systems and, arguably most importantly, portals – which are accessed by employees, vendors, and patients.
Cybersecurity is a big focus for providers, a topic that ranked among our CIO focus group as one of the top priorities for 2018 and again in 2019, with even the Department of Health and Human Services weighing in on recommendations in its recent report. One reason relates to cost—according to HHS, the average cost of a data breach per healthcare organization is more than $22 million1.
Maintaining Patient Confidence
Another incentive for focusing on cybersecurity is a healthcare organization’s responsibility to be a custodian of patients’ private information. The more engaged patients are in their own health, the better the outcomes, studies have shown. Driving more patient engagement can be another tool to help reduce costs. Our 2019 focus group revealed that CIOs understand that patients won’t utilize their healthcare organization’s services if the patients don’t have confidence that their data will be protected.
All roads seem to point to more security, which begs the question: how does a healthcare organization plug security holes while enabling easy access for the right portal users? Trust is important – but what about usability? Patients don’t want a bulky, long process to get to their records.
Cybersecurity Checks, Not Hurdles
What we have seen to be successful is a layered strategy or multi-factor authentication process where you can put multiple checks in place along the patient journey—from registration to discharge.
The most successful approach puts lower friction identity or authentication tools in place up front and then layers more complex checks in if warranted. If no red flags exist, the patient gains access to their data, with the data security checks occurring seamlessly behind the scenes.
If a device or identity looks suspicious, more security checks can occur to determine access rights. These identity management and cybersecurity strategies can be successful for providers in driving portal adoption and helping patients take a more active role in their own health. They can help with getting employees and vendors the right access to systems too!
To learn more, check out our video.
1-https://www.phe.gov/Preparedness/planning/405d/Documents/HICP-Main-508.pdf