What is the message?
The exponential growth of patient health data in the healthcare sector presents both opportunities and challenges.
While this data holds immense potential for improving patient care and operational efficiency, healthcare organizations face significant risks in protecting its privacy and security.
EXECUTIVE SUMMARY
What are the key points?
Data Explosion: Since the federal requirement in 2014 mandating meaningful use of EMRs, healthcare organizations have witnessed an explosive growth in patient health data, with a projected compound annual growth rate of 36% by 2025.
Data Vulnerability: Despite the vast quantities of data being generated, healthcare organizations are ill-equipped to protect it, with low IT investment contributing to challenges in data management and security.
Privacy Threats: Insider threats, including unauthorized access and misuse of patient data, pose significant risks, with healthcare insiders responsible for 20% of all breaches in 2020.
Opportunities: Patient data offers valuable insights that can address clinical and operational challenges, but leveraging this data requires strategic investments in health IT, blockchain, and analytics.
Risk Mitigation: Advanced analytics leveraging artificial intelligence and automation can help mitigate privacy risks associated with the growing volume of patient data, while also improving operational efficiency and financial stability.
What are the key examples?
In 2020, publicly reported hacking incidents affected over 31 million patient records, highlighting the real and immediate threat to data security in healthcare.
Instances of insider misuse, such as the unauthorized access and sharing of medical records by a hospital employee in Cedar Rapids, Iowa, underscore the vulnerabilities within healthcare organizations.
Strategic investment in advanced technologies like AI-driven analytics can not only enhance data security but also unlock the full potential of patient data for healthcare improvement.
What are the key statistics?
A single patient generates nearly 80 megabytes of data each year in imaging and EMR data.
Healthcare insiders accounted for 20% of all breaches in 2020.
By 2025, the compound annual growth rate of data for healthcare is projected to reach 36%.
DEEP DIVE
The Skyrocketing Volume Of Healthcare Data Makes Privacy Imperative
Forbes
Nick Culbertson Forbes Councils Member
Forbes Technology Council
August 6, 2021
image: getty
CEO of Protenus , leveraging AI to reduce risk and improve patient trust for healthcare systems across North America.
When adopting and demonstrating meaningful use of EMRs became a federal requirement in 2014 for all public and private healthcare providers, it led to the sudden, widespread use of these systems for storing and accessing clinical information.
The amount of data under healthcare organizations’ control skyrocketed, marking just the beginning of an exponential increase in patient health data.
With a single patient generating nearly 80 megabytes of data each year in imaging and EMR data, according to 2017 estimates, RBC Capital Market projects that “by 2025, the compound annual growth rate of data for healthcare will reach 36%.”
This growth rate is notably faster than what’s projected for many other massive industries, including manufacturing, financial services and media and entertainment.
Thus, the amount of data that healthcare churns out with each passing second is almost incomprehensible.
Take, for instance, the 2018 Statista estimate that as many as 2,314 exabytes of new data could be generated worldwide in 2020.
Cloud storage provider Backblaze postulates that if one gigabyte is the size of Earth, then a single exabyte is the size of the sun — and healthcare was expected to produce 2,314 exabytes before Covid-19 was on anyone’s radar.
Drowning In Vulnerable Data
After an explosive year for telehealth utilization, contact tracing, outbreak tracking, virus testing, remote work, and medical research, it’s safe to assume that the estimate turned out to be low,
and healthcare is generating even more data than the organizations protecting it anticipated or prepared to handle.
…healthcare is generating even more data than the organizations protecting it anticipated or prepared to handle.
While accounting for a rapidly multiplying amount of data — and data that is highly sensitive in nature — healthcare is uniquely ill-equipped to protect it.
An International Data Corporation report sponsored by Seagate Technology delivered this blunt assessment: “IT investment in healthcare is among the lowest of all industries. As a result, IT departments have difficulty catching up with data management challenges, let alone investing in advanced architectures, edge computing, robotics, and other necessary technologies.”
IT investment in healthcare is among the lowest of all industries.
The conclusion won’t surprise anyone familiar with healthcare’s bureaucratic intricacies and its cautious adoption of new tools.
When competing with direct patient care initiatives for limited budget, basic data privacy measures tend to take a backseat — let alone more resource-intensive efforts to harness the rich clinical and operational insights that data can provide.
As their data loads swell, though, health system leaders are being forced to realize the consequences of sidelining investment in IT improvements.
We know from my organization’s annual Breach Barometer that in 2020, publicly reported hacking incidents affected more than 31 million patient records, and ransomware attacks, in particular, more than doubled from 2019.
Many organizations hit by hackers ended up reverting to paper records for indeterminate stretches of time, too often leading to patient diversion, revenue loss and jeopardized trust.
Months or years down the line, affected systems could still be battling reputational damage and lawsuits related to the incident.
While accounting for a rapidly multiplying amount of data — and data that is highly sensitive in nature — healthcare is uniquely ill-equipped to protect it.
Patient data isn’t just alluring to hackers wanting to turn a profit on the black market or squeeze ransom payments out of large organizations; it can also be misused by the average employee who has been entrusted with access.
At one Cedar Rapids, Iowa-based hospital in 2017, a then-patient care technician illegally accessed and shared the medical records of her ex-boyfriend (who wasn’t her patient), essentially weaponizing them against him.
Patient data … can also be misused by the average employee who has been entrusted with access.
What To Do With All This Data
Sadly, similarly inappropriate access isn’t uncommon, as evidenced by the fact that my organization found healthcare insiders were responsible for 20% of all breaches in 2020.
The finding underscores that as healthcare organizations amass greater and greater quantities of sensitive, highly sought-after patient data, the assorted threats to keeping it private are growing in lock-step.
The vast quantity of data at health systems’ fingertips is extremely vulnerable, but it also wields an enormous amount of power. It can be harnessed to solve any number of problems, from clinical challenges to operational challenges.
To tap into the insights that patient data holds, it’s imperative that healthcare organizations prioritize investments in health IT, blockchain and analytics, as the International Data Corporation concluded.
However, in their endeavors to leverage patient data, health systems must also ensure its privacy to prevent costly breaches and their various consequences.
… in their endeavors to leverage patient data, health systems must also ensure its privacy to prevent costly breaches and their various consequences.
Fulfilling this obligation will specifically require strategic investment in analytics that use artificial intelligence and automation
- to audit access to patient data and
- that alert compliance professionals to the most suspicious events with high accuracy.
… this will … require strategic investment in analytics that use artificial intelligence and automation (1) to audit access to patient data and (2) that alert compliance professionals to the most suspicious events with high accuracy.
This kind of advanced technology strategy can help mitigate risks associated with mass quantities of patient data, while also helping organizations leverage it in a way that improves operational efficiency and financial stability.
When determining whether a privacy solution is worth investment, health systems should consider metrics such as
- false-positive rates,
- reduction in privacy violations over time,
- full-time equivalent requirements and case resolution times.
It’s also important to select a vendor that not only understands the healthcare landscape but builds its product roadmap to meet health systems’ evolving needs.
Despite the data explosion that will certainly continue in an era characterized by remote work, telehealth utilization and electronic prescribing, advanced analytics can give healthcare organizations a fighting chance to effectively protect patient privacy.
For those who fail to prioritize investment in next-generation solutions as the volume of sensitive data grows, a financially and operationally crippling incident is just one improper access away.
Originally published at https://www.forbes.com.
TAGS: Technology Issues; Access to data; Data Strategy; Data Sharing; Data privacy; Cibersecurity; Blockchain; Data Strategy; Analytics; AI; Automation.