You don’t have to look far to learn that healthcare data is valuable and being stolen on a regular basis1. Health plans are very aware and working to protect member data and healthcare digital experience, managing the evolving changes of healthcare data access and technology.
The Value of Healthcare Data
Over time the value of healthcare data has increased over other types of identity data. It may not be clear why but there are some differences mentioned in the panel discussion that may account for it. One thing that is different in healthcare is that everyone has a medical record and that doesn’t change over a lifetime. “If you have a credit card number breach, you easily call the number on the back of the card and get a new card sent to you immediately. They shut it down. For medical records, there’s no way to shut it down,” stated Steve Gwizdala of ForgeRock. The motivation here is to commit insurance fraud. If a criminal can impersonate a member and create fraudulent activity, there’s no fast way to shut that down. The National Health Care Anti-Fraud Association estimates that healthcare fraud costs the industry $68B annually.
Identity theft is common across all industries. Criminals can use any identity (repeatedly) to steal unrelated to healthcare like opening a credit card or getting a loan. Health plans are aware that data theft is a serious issue. “Data is out there and can be used. Focus has shifted from how much is the data worth to how can you protect the organization. How can losing that data affect the organization from the perspective of member trust,” offered CISO Devin Shirley from a health payer organization. To maintain member trust, health plan organizations are adapting their strategy to manage cyber threats and the new data inputs, while maintaining a positive healthcare digital experience.
Regulatory Data Exchange Impact
The approach to healthcare cybersecurity is affected by regulations like HIPAA and the Cures Act. HIPAA brings risk in the form of privacy for members/patients. The flow of data expected from the Patient Access APIs brings exposure in a couple of different ways: through receiving data from third-party apps and through having other entities connecting to your API.
As a result of the Cures Act, “It’s not just one company protecting identities, but now it’s becoming several companies doing it together. With a full secure eco system – they all impact each other – like in a breach. Working together will be important as everything goes from one person, one company to a cloud-based model where data is everywhere,” added Shirley. How can health plans manage risks with new data and a good healthcare digital experience?
User Experience
Balancing user friction has been a longstanding topic. The technology has changed over time and now it’s possible to closely control how much friction users must deal with. Something to consider is how much friction is the right amount.
Some experts believe you should relieve as much friction in the online experience as possible. The healthcare digital experience is moving toward consumerism with growing expectations of an easy user interaction.
From a health plan perspective, the outlook on friction is different. The perspective is that some friction is good, “Try and get frictionless security in what makes sense, things like geo fencing, device assessment, where the consumer doesn’t even see it. However, when you think of things that are more onerous – ID verification or submitting biometrics – friction should be reserved for the things that it will ultimately alter the course of how you will access that data” said Jonathan Shannon, Sr. Director Healthcare Strategy, LexisNexis Risk Solutions.
The trust factor is critical for health plans, “We expect a certain level of friction. If users don’t get any, we’ll lose their trust. People want to see a little bit of friction. Background processes are crucial – anything you can do behind the scenes will enable you to deliver a better user experience,” added Shirley. The application of a risk-based strategy can allow health plans to set risk levels to protect while offering members a positive healthcare digital experience.
These insights are just a sample of the great conversation with the panel. There’s much more to learn from these experts. Watch the webinar on demand to learn more about current cybersecurity technology and the health plan perspective.
- https://www.securelink.com/blog/healthcare-data-new-prize-hackers/
- https://www.hipaajournal.com/june-2022-healthcare-data-breach-report/
