As new technologies such as AI, sensing and data science evolve, healthcare is redefining itself. Indeed, remote patient monitoring is reshaping healthcare to be more efficient, less time-consuming, discreet, and contactless. In this digital era, digital health is becoming an integral part of healthcare, and as a result the volume of digital personal health information (PHI) is increasing by the day. The significant improvement of healthcare technologies due to increased availability of data is also directly associated with increased data confidentiality and protection risks. Hospitals and health organizations are moving from paper records to electronic health records (EHRs), which are accessible anywhere, anytime, thereby increasing access to healthcare and improving care quality. However, digital health solutions must ensure data protection and confidentiality. We, at Neteera, think that HIPAA is a great tool, but we decided to implement extra measures to safeguard our customers’ digital PHI.
The Health Insurance Portability and Accountability Act (HIPAA) was enacted in 1996 under the Bill Clinton administration. It addresses the use and disclosure of an individual’s health information and was in part legislated to prevent healthcare fraud. Without HIPAA there would be no requirement for healthcare organizations to safeguard data, and no repercussions if they failed to do so. Why is HIPAA compliance important? Organizations implementing HIPAA rules are trusted. Patients or prospective patients are confident that their data privacy is taken seriously. HIPAA compliance increases customer loyalty, and customers are likely to pursue additional services from a HIPAA-compliant organization. Customer trust and loyalty will ultimately lead to customer retention and thus increased profitability.
Is HIPAA enough in today’s healthcare digitalization? Simply put, it is not. This year alone (2021), cybersecurity threats will cost the world an estimated US $6 trillion. PHI is worth 10-20 times a credit card number on the black market and can potentially be used for false insurance claims or to purchase medical supplies illegally. An estimated 90% of health care providers have already encountered data breaches. In light of the pandemic, the Office for Civil Rights has loosened enforcement of HIPAA, rendering telehealth and telemedicine more accessible on the one hand but making data and sensitive information more vulnerable on the other. Indeed, since COVID-19, the number of cyber-attacks has increased five-fold.
Protecting data privacy in healthcare requires controlling access to personal information to begin with. Control of information cannot be regained after it has been shared. However, data sharing has tremendous benefits. HIPAA does not frown upon data sharing; in fact, it was designed to aid data exchange. Data sharing enables optimized personalized care, detecting uptake of contraindicated medication on a personal level, and more. At a larger scale, data exchange can assist in extrapolating data from extensive genetic studies, substance abuse, epidemiology and disease tracking and general health management, thus significantly improving healthcare in the long run.
Neteera takes the safeguarding of customers’ PHI seriously and we are committed to protecting all sensitive and private information. HIPAA and GDPR are a step in the right direction, but more is required.
Many healthcare organizations are deidentifying their data: removing specific identifiers, such as name, geographical area, social security number, etc., from data sets to make the data less accessible. However, deidentification is not anonymization. With so much information publicly available, and with enough motivation, re-identification can easily take place.
We have implemented additional measures to fully anonymize collected data, making it impossible to track or identify sensitive information. Even in the unlikely event of a security breach, data cannot be traced to a particular individual. Neteera is committed to the security, privacy, and integrity of your personal information and these will never be compromised.