According to the Department of Health and Human Services, medical information about more than 120 million people has been compromised in more than 1,100 separate breaches since 2009, and sadly the number is rising as healthcare data breaches continue to occur at alarming rates. Healthcare industry data theft accounts for 42.5 percent of all data breaches since 2012, followed by the business sector with 33 percent of breach activity and the government with 11.7 percent.
While retail, financial and government institution data breaches can severely impact victims and carry long-lasting repercussions for organizations, medical record theft can have far more sinister consequences. Not only can thieves access financial data through healthcare records, but cybercriminals often alter a victim’s medical data to fraudulently claim insurance money. These alterations, possibly undetected, could result in inaccurate records that can create life-threatening situations.
It’s a daunting problem made worse by the growing number of access points to patient information and the necessity to share data between insurance and healthcare providers. The healthcare industry is challenged with the issue of protecting identity data while simultaneously making it available to the right people who need the information to care for patients.
Just as achieving a single view of the customer is important to delivering secure customer experiences in the retail and service industries, having a single view of the patient is essential in the healthcare industry as a data security best practice. Aggregating a single profile for each patient across data silos in real time ensures that the most accurate records are available at each data use point.
In most data breaches, cybercriminals use an employee’s credentials to gain full access to a database. A single view of the patient also allows organizations to apply data access governance policies to each patient identity profile instead of only at the firewall, eliminating a single point of security vulnerability. Plus, these rules can be enforced no matter which medical care practitioner, insurance company or third-party vendor accesses the data because the policies remain attached to the patient’s profile. Granular controls ensure that employees can see only the patient data that they need to accomplish their jobs rather than exposing entire profiles, greatly minimizing the impact of a breach.
As consumers embrace digital engagement and share information across every facet of their lives, they expect to have more control over their information. This expectation applies to healthcare just as much as it does to e-commerce and digital services, particularly as the Internet of Things evolves and fitness and healthcare wearable devices become more prevalent. A single view of the patient combined with a way to capture patient preference and privacy choices will become an increasingly critical aspect of protecting patient privacy and keeping data safe across multiple devices and a growing number of data use points.
Identity data management is already undergoing a monumental shift from managing employee data to encompassing billions of customer identities. The same requirements that customer identity management demands in retail use cases, such as large scale, high performance, real-time sync capabilities, data aggregation across silos, preference management and support for security best practices, apply to patient identity management. As healthcare organizations focus on protecting sensitive patient data and delivering accurate information to support critical decisions, identity data management must be a central part of the discussion.