By Sharoni Mitra, Healthcare Strategist
Do you use a smartwatch? Have you ever installed a healthcare, diet, or workout app? Or have you ever put in personal information without verifying the application or website?
My answer is yes to at least two of these questions, and I can guess that most people can say the same.
Now comes a series of daunting questions I ask myself every time I use a new app/technology that requires my personal information. How much of my personal data am I agreeing to share? Can they access my personal data from my smartphone? Where is all the personal information stored? Will the organizations sell my data for personal gain? It leaves me vulnerable and unaware. However, most of us trust and sign off on the disclaimers with extra-small font.
As consumers, we provide the product owners with our most personal information and hope they will guard it. However, data storage always has an associated risk, even with the most secure channels or platforms; in fact, in 2019 there were 510 healthcare data breaches (https://www.hipaajournal.com/healthcare-data-breach-statistics/). While we all want to gather healthcare data, and the constant debate about interoperability of different platforms is stimulating, what happens when the databases are breached?
The data is sold on the darknet for millions, and the sold data is then used for identity theft and phishing, among other things. For an organization, the repercussions of a data breach are millions of dollars in class action lawsuits and HIPAA violation fines. However, for a community it feels like a more personal breach of trust, and no monetary value can compensate for it. So what can be done to reduce the number of data breaches? Education, awareness, and a strong belief that prevention is better than the cure. Any organization that works with personal data, whether it be an organization of three people or one of 10,000, needs to have a strong cyber-security strategy.
Once the novel coronavirus pandemic started, even more hackers were trying to access healthcare data. What effect does this public health emergency have on healthcare data security?
- HIPAA shows leniency in penalties for noncompliance with rules within the spectrum of telehealth. While telehealth services have become a smarter, more cost-efficient, and safer choice for communicating our needs to caregivers, there is a higher risk of these services being hacked and personal conversations being accessed.
- Working from home also poses a major threat. The office provides us with secure platforms and networks, whereas when working from home we are using personal or community networks. Most people have not received adequate training on data security while working from home, increasing the chance of employees unknowingly sharing data or accessing bugged sites that are usually blocked on office networks.
- COVID-19 has also pushed enterprises that are not fully established to jump from one cloud technology to another to enable remote work without properly investigating these technologies, leaving the organization vulnerable. Multiple applications are being used for communication without proper scrutiny of their data security policies.
COVID-19 has not only led to major collection of data, but it has also left preexisting data exposed to threats. Hence, it is not only the job of an organization to have secure systems in place, but also an individual’s responsibility to be more mindful when using healthcare data.