4 big data threats health orgs are socially obligated to safeguard against

By Carl Ascenzo
08:18 AM

The explosion of big data continues, bringing into focus the wealth of information the healthcare industry holds, including credit card information, personal security details, medical procedures, diagnosis codes, insurance claims and more. Healthcare organizations are struggling to find the best way to leverage this overwhelming volume of information to achieve tangible business benefits and, in the process, leapfrog ahead of the competition. Given the vast amount of clinical, financial and soon behavioral data, the possibilities presented by big data are endless and set to significantly transform the industry.

So, what is the Achilles heel of big data adoption? Security and privacy threats. Just this January, an information technology specialist from Atlanta was sentenced for hacking into the patient database of a former employer, stealing patient information including names, telephone numbers, addresses, etc., deleting it from the system and selling it to his new employer. Digital footprints leave enough information in the digital network to trace back to personally identifiable information, track personal habits and behavior, and predict future behavior.

So what could this mean for you? For starters, here are four things healthcare organizations must focus on:

  1. Loss of Personally Identifiable Information (PII) – The loss of personally identifiable information such as date of birth, driver’s license number, security number, etc. is increasingly being recognized as one of the most ominous security or privacy threats. While external threats dominate top-of-mind discussions, there is an increasing number of cases of information breach by insiders, and this can cost organizations dearly, resulting in loss of customers, high compensation claims, lawsuits and permanent damage to reputation.
  2. Loss of clinical data – Clinical data comprising diagnosis details, procedure codes and patient-specific medical information can be greatly misused if it reaches the wrong hands. Electronic Medical Records (EMRs) contain patient-specific information including first doctor’s appointment, medical prescriptions, treatment details, etc., and this combined with a policy number is all it takes for a hacker to receive unauthorized medical care or to bill for services that were never received. Even more damaging is the irrevocable harm to one’s personal and professional life if certain clinical information is made public. The implications are enormous.
  3. Loss of financial data – The amount of financial data in the digital healthcare network is astonishing. With banks and individuals getting more proactive about protecting their financial information, the medical industry has become an easy target for hackers. Credit card details are increasingly being stolen from medical records to make unauthorized purchases, owing to the limited security features of some EMRs. The outsourcing of billing activities, increased internet and mobile involvement in healthcare, etc. create more avenues for potential data theft, significantly impacting healthcare organizations. The resulting lawsuits by patients, compensation to affected parties and the loss of patient trust and confidence can taint your brand for life.
  4. Loss of behavioral data – Behavioral data is the newest and possibly fastest growing of the data types in healthcare. This is because of the heightened awareness of the importance behavior has in managing care and maintaining wellness. The onslaught of behavioral data is being fed by monitoring devices, GPS tracking, internet site visits, social media, purchasing habits, exercise activity, and self-reporting. Behavioral data is increasingly becoming the ‘hot favorite’ for cyber thieves, as it helps to draw up startlingly accurate representations of human behavior, which are in great demand among marketing companies and also others with illicit intentions. With the increasing usage of tablets, smartphones and other mobile devices, behavioral data is becoming more vulnerable to theft.

Despite regulations such as HIPAA that protect health information, the security and privacy threats presented by big data are shocking. Some of the commonly heard questions include: What about behavioral data? Is it covered by HIPAA, only when made available with other protected data, or not at all? How about data on over-the-counter medications, alcohol purchases, etc., or the recurring day and time of absences from the home due to regularly scheduled medical visits? All of these can pose potential threats to an individual’s reputation and safety.

The ‘Big Data Theory’ showcases the multiple promises of the big data explosion and where it can take the healthcare industry. What we really need to consider is whether we are aware of, and prepared to face, the demands big data places on an enterprise’s technology, policies and procedures, and infrastructure, including that of its trading partners. Healthcare organizations must recognize the fiduciary, ethical and moral obligations associated with big data and proactively act accordingly.

Carl Ascenzo is vice president of global healthcare solutions for Virtusa. His previous post, 4 considerations for mobile implementation, ran in June 2012.