In “Citizen Trust and Our Biggest Institutions – Part One”, I explored the impact of information security breaches on trust in our Federal government using a simple drone registration as the example. In part two, I explore our trust in the healthcare industry given its information security challenges. After the Federal government, healthcare is arguably our most important institution, even above education. When you don’t have health, not much else matters.
The healthcare industry is physician-led, and physicians are rightly and intensely focused on improving patient care; that is where healthcare’s energy and financial spend goes. In fact, the well-known argument within the industry against information security and privacy is that it will not save a patient’s life, and every information security dollar spent takes away from spending on better patient care. This argument has led to the healthcare industry spending as little as possible on information security and focusing on a “minimum standard” stipulated in HIPAA. On the surface I can understand this argument somewhat. But if we unpack the concepts, we clearly see the argument comes from an era in which electronic information about patients was not kept with care providers, and from an era in which bad actors did not target healthcare with cyber security attacks. It is time for this argument to move to the past where it belongs. Today, data breaches have reached a rampant level, with healthcare providers becoming the primary target, and in 2015 alone nearly a third of us were impacted by identity theft involving healthcare-related organizations. As examples, see “Hackers Will Steal Health Records from One Third of U.S. Customers Thanks to Bad Cyber Security”, or “Medical Identity Theft Hits an All Time High”.
Since this is a blog post on trust and our biggest institutions, let’s get to the very heart of the matter. “Recent studies have found that people are withholding information—sometimes critical information—from their healthcare providers because they are concerned that there could be a confidentiality breach of their records”. This is a direct quote coming from a recent Verizon Study titled “2015 Protected Health Information Data Breach Report”.
At a time in which our personal health care is hyper-dependent on the digital details of our medical history and information, the idea that patients do not trust care providers with confidentiality is unsustainable. We have been promised a future in which each of us receives custom healthcare based on our personal digital genome in order to receive the very best care possible. If that dream is to become a reality, we must trust our care providers with our medical information. Otherwise the dream will stay just that, a dream.
If you would like more information about healthcare information security breaches, here are a few outstanding resources: The Identity Theft Resource Center, DataBreaches.net, the Health and Human Service Breach Report, and Verizon’s “2015 Protected Health Information Data Breach Report”.
In my next blog post, I will examine the very latest attacks on the healthcare industry as well as the attackers’ motivations.