Published on: Aug 25, 2020


Is Your Health Data Secure? Time to Preserve Its Privacy


New advancements in technology, together with the rapid digitization of medical records, have brought a paradigm shift in the healthcare industry. We can vouch that the analytical power of this clinical data has the potential to improve care, save lives and reduce healthcare costs. It can be used for clinical decision support, health insurance, adverse event monitoring, public health management, disease surveillance and much more.

But technology is a double-edged sword; if not used with caution, it can have harmful effects. As the healthcare industry harnesses the power of big data, incidents of data breaches and compromised cybersecurity are rising.

As reported by the US-based cybersecurity firm FireEye, emerging threats and high vulnerability of data are prevalent these days in all industries, especially healthcare. Cybercriminals profit from this stolen data by selling it directly in underground forums.

The average value of a single stolen patient health record is $380, which is the highest among all industries. See the graph below for more details.

Graph: Industry-wise breakup of the average cost of data stolen by cyber-attackers.

Did you know?

India ranks second among the countries affected by cyberattacks. Sources reveal that attackers from China stole vital health information from more than 68 lakh health records, which they sold on the black market.

In light of such a scenario, it becomes imperative for organizations to implement healthcare data security solutions to protect this sensitive information. Additionally, they must address the legal responsibilities of processing the personal data of their clients.

The Indian government has already taken steps in this direction and is bringing a new healthcare security law. It is called DISHA – Digital Information Security in Healthcare Act.

Various technology solutions are in use to protect the security and privacy of healthcare data. These include:

  1. Authentication: It confirms whether claims made by or about the user are true, that is, it verifies the identity of the user. It serves a vital function in data security as it helps in the following ways:
    • Secures access to corporate networks.
    • Protects the identities of the users.
    • Ensures that a user is who he or she claims to be.
  2. Encryption: Using algorithms to encrypt data is a very effective way to prevent unauthorized access to vital health information. It conceals the sensitive information and maintains the ownership of data throughout its lifecycle, from the data centre to the endpoint (including mobile devices used by physicians, administrators and patients) and into the cloud. Data encryption also helps avoid a data breach when storage devices are stolen. Encryption should be easy to use for both patients and clinicians and should readily extend to electronic health records.
  3. Data Masking: The process of hiding the original data with modified content which cannot be identified is known as data masking or data obfuscation. It replaces the sensitive data elements with a masked value. The main advantage of data masking is the reduced cost of securing the healthcare data, as the need to apply additional security controls is minimized.
  4. Access Control: The access control policy governs the privileges and rights of each doctor to a patient’s health data, as authorized by patients or a trusted third party. In other words, it is a flexible and powerful mechanism to grant permissions to users. Sophisticated authorization controls ensure that users can perform only the activities for which they have been given access, e.g. access to electronic health records, access to view lab reports etc.
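How data masking and patient-authorized access control from the list above can work together, as an added example that is not Fitterfly's code: every name in it (the users, the activities, the consent table, the key) is hypothetical and the record is constructed sample data.

```python
import hashlib
import hmac

# Constructed sample record; every value is made up for this example.
RECORD = {"patient_id": "P-1001", "name": "Asha Rao", "phone": "9876543210",
          "diagnosis": "Type 2 diabetes", "lab_hba1c": "7.9"}

# Hypothetical consent table: (patient, user) -> activities the patient authorized.
GRANTS = {
    ("P-1001", "dr_mehta"): {"view_ehr", "view_lab_reports"},
    ("P-1001", "lab_tech_7"): {"view_lab_reports"},
}

# Which activity unlocks which fields; a field not listed is never shown in clear.
FIELDS_BY_ACTIVITY = {
    "view_ehr": {"name", "phone", "diagnosis"},
    "view_lab_reports": {"lab_hba1c"},
}

MASK_KEY = b"placeholder-key-load-real-keys-from-a-secret-store"


def pseudonym(patient_id: str) -> str:
    """Keyed one-way token: masked rows stay joinable per patient."""
    digest = hmac.new(MASK_KEY, patient_id.encode(), hashlib.sha256).hexdigest()
    return "anon-" + digest[:12]


def mask_value(field: str, value: str) -> str:
    """Replace a sensitive data element with a masked value."""
    if field == "phone":
        return "*" * (len(value) - 2) + value[-2:]  # keep the last two digits
    return "***"


def view_record(user: str, record: dict) -> dict:
    """Return the record as `user` may see it: default deny, mask the rest."""
    allowed = set()
    for activity in GRANTS.get((record["patient_id"], user), set()):
        allowed |= FIELDS_BY_ACTIVITY.get(activity, set())
    pid = record["patient_id"]
    out = {"patient_id": pid if allowed else pseudonym(pid)}
    for field, value in record.items():
        if field != "patient_id":
            out[field] = value if field in allowed else mask_value(field, value)
    return out
```

A user with no grant for the patient gets only masked values and a pseudonymous identifier, so the same function can serve both clinicians and analytics jobs.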

How is health data safeguarded at Fitterfly?

At Fitterfly, we have a technical setup in place, with a complex architecture, to ensure the safety of electronically stored patient health information (PHI). These are the necessary steps taken at our organization:

  • Repeated testing: To ensure that our current system is active, we perform random testing and conduct multiple risk assessments annually.
  • Restricted access to PHI: Under US data security law – HIPAA (Health Insurance Portability and Accountability Act), we have given data access to only those operators who need to use it. Furthermore, we have given each employee his or her own login information to make auditing easy.
  • Educate and train our workforce: At Fitterfly, we believe that an educated workforce is our first line of defence. To this end, we train our employees on HIPAA compliance, how to encrypt data and how to generate strong passwords, and educate them on the latest technology solutions to prevent a data breach.
  • Update and modernize our IT infrastructure: We have experienced IT experts who review our current IT infrastructure and run checks to determine whether these systems will detect malware or breaches in our software.

At Fitterfly, we believe that IT security remains a pivotal issue as companies continue to develop their automated healthcare systems. We have a huge responsibility to make sure that the patient’s sensitive information is safe and secure from the prying eyes of hackers, so that they cannot use it for their own benefit.

To sum it all up, a patient’s health-related information is sensitive because, if it gets lost, stolen or compromised, it can be used to cause injury, violence, discrimination and humiliation to individuals. Hence, every step must be taken to ensure its security.

- By Fitterfly Health-Team