From The Editor | May 22, 2015

Is Big Data Fueling Breaches?

By John Oncea, Editor

Data breaches continue to dominate healthcare headlines, leading one to wonder if the unprecedented growth of Big Data is to blame. Health Data Consortium CEO Chris Boone shares his thoughts on this subject and more.

I attended HIMSS15 last month and had the good fortune of speaking with many of healthcare’s movers and shakers. Almost to a person, they wanted to talk about Population Health Management (PHM) and Big Data.

Some, such as my colleague Ken Congdon, came away feeling healthcare needs a universally accepted definition of PHM. I came away wondering how all this data is mined, aggregated, and shared as part of an effective PHM program, and the steps providers need to take to protect this information from hackers.

Healthcare Has A Target On Its Back
The growing number of vulnerabilities and sheer size of the industry have resulted in healthcare accounting for more than 40 percent of all major data breaches reported last year. This number will most certainly increase until the industry comes up with stronger solutions to improve its cybersecurity strategies. In fact, security experts are anticipating such a sharp rise in the number of breaches this year that they have already dubbed 2015 the year of the healthcare hack.

But why is healthcare such an inviting target? According to Chris Boone, CEO of Health Data Consortium, the complexity of health IT networks allows hackers to penetrate the virtual walls through everything from medical devices to internet-facing health data. “I don’t believe healthcare is a soft target, however I do believe it is a more attractive target since healthcare records contain a wealth of sensitive information such as social security numbers, demographic data, and financial account numbers in some cases.”

Boone feels we are looking at a very complex issue that necessitates the involvement of many stakeholders — including policy makers, provider organizations, health plans, technology firms, and many others that are involved in the generation, storage, and/or transmission of health data.

Investing In PHM
Handled correctly, implementing a secure PHM program is possible but requires a major commitment of time and resources. Boone concurs, saying, “The ability to effectively deploy PHM strategies requires that organizations modernize their system architectures by moving to more scalable and secure cloud-based architectures that leverage SaaS, PaaS, and IaaS. This should provide a clear business justification for investing in upgraded IT technologies.”

Boone goes on to note a cloud-computing deployment would offer greater flexibility and reliability over client-server based architectures — plus it is cheaper to manage. More importantly, Boone says, it increases data availability and accessibility to heterogeneous datasets, which in turn offers an opportunity to more effectively mine the data to get some contextual insight.

“Along those lines, there is even a movement towards Data Science as a Service, which is great for organizations that are not prepared for, or interested in, building data science teams,” Boone says. “This modernization of system architecture also comes with the added benefit of minimizing breach risk.

“Ironically, I’ve read studies that support data sharing as a plausible solution to addressing cyber-attacks. That said, I think the core issues revolve around the simple notion that healthcare organizations are strapped with thin margins and data protection is not directly linked to reimbursement or revenue activities. In other industries, companies enjoy the luxury of passing on cybersecurity costs to consumers and healthcare is not that fortunate. As such, many healthcare organizations opt for regulatory compliance, which does not equate to information protection.”

Are Breaches The Fault Of Leadership?
Is it possible the decision by healthcare leaders to protect margins is contributing to the breach epidemic? Not according to Boone, who said, “I refuse to believe healthcare organizations are that arrogant or irresponsible when it comes to health data. I tend to think that we need to challenge our core assumptions as it relates to the notion that compliance equates to security. The real challenge is in building an infrastructure that effectively shares health data while protecting it. This system should not establish unnecessary barriers for providers to access clinical data when they are providing care to patients.”

Furthermore, much like Congdon believes the industry must act as one to define PHM, Boone feels the same approach must be taken to protect the data. “We must remember that it requires a community approach to addressing this issue, but each stakeholder must feel incentivized to adhere to cybersecurity leading practices in product design and system architecture efforts.”

Actions Speak Louder Than Words
This is where Health Data Consortium, an educator in the world of health data, comes in. The organization looks to continue its mission of increasing health data awareness at Health Datapalooza 2015, a national conference focused on liberating health data and bringing together the companies, startups, academics, government agencies, and individuals with the newest and most innovative and effective uses of health data to improve patient outcomes.

This year’s event features meaningful plans and solutions to some of healthcare’s biggest challenges, presented through a number of breakout sessions. The event, according to Boone, will touch on “real issues” surrounding Big Data and breaches.

Boone says this includes “establishing industry standards for healthcare institutions; addressing the cost burden issue for healthcare institutions; and establishing a system that is not punitive for the organization adopting the industry standards and meeting compliance thresholds, but more focused on the individual(s) conducting the breach.”