The Health Data Balancing Act

Despite the need to remain HIPAA-compliant, data breaches are common in the healthcare industry. Fortunately, there are security actions that can be taken.


28 January 2015

information security compliance

As more and more physicians and patients blithely adopt technologies and devices that collect, interpret, and share health information, the pressure on healthcare providers to keep all that data secure — and accessible — is growing.

Despite the need to remain HIPAA-compliant, data breaches are an all-too common occurrence in the health industry. In fact, one of 2014’s biggest data hacks involved a healthcare organization. Attributed to a Chinese hacker, the incident compromised the Social Security numbers, names, and addresses of 4.5 million patients at Community Health Systems of Tennessee, according to the Privacy Rights Clearinghouse.

Security breaches put the data of more than 5 million patients at risk last year, according to a recent report from PwC's Health Research Institute (HRI). The report entitled, Top Health Industry Issues of 2015, interviewed health industry executives and surveyed 1,000 U.S. adults about the nation’s healthcare system.  It explores 10 trends that will shape the sector this year — including the challenge of balancing privacy and convenience when it comes to health data.

Security Still Rules

The report reveals a high level of concern among consumers regarding the privacy of their health records and related data. And with good reason, as such records typically contain lots of personal, medical, and financial information — the identity theft trifecta. According to PwC:

  • Of those surveyed, 68 percent were concerned about the security of smartphone health apps
  • Additionally, 78 percent expressed worry about medical data security
  • And 73 percent said security was more important than convenience when it comes to doctor’s notes and diagnoses

Consumers may clearly love the convenience and control promised by technologies such as portable medical devices, electronic health records, smartphone health apps, and wearable fitness trackers. But they also prize the privacy of their sensitive data, which is clear based on PwC’s findings.

Privacy and security may pose serious implications for the health industry. Some 56 percent of consumers surveyed by PwC said privacy and security concerns could crimp communication with their physician or color their decision to participate in a clinical trial. Such attitudes suggest that the ability of doctors to diagnose, and drug companies to conduct research, may be at risk unless the nation’s health industry can reassure an anxious public that their data is in safe hands.

A Prescription for Action

Fortunately, there are actions that organizations can take now to bolster health data security and shore up consumer confidence regarding privacy. These include:

  • Guarding against both internal and external threats to security by scrutinizing every process involved when collecting sensitive data
  • Training employees regularly about the importance of security, data privacy and compliance -- and actively enforcing those practices
  • Getting a handle on the types of personal health data you collect and your regulatory obligations regarding data privacy
  • Investing in file sharing and collaboration tools to secure information and preserve the privacy of health data

Just like physicians, health organizations have an obligation to “do no harm” to the millions of consumers who entrust them with their personal data. And putting in place the right safeguards to ensure privacy while fostering collaboration can help to inoculate the industry against future data breaches.



Steff Gelston

Steff Gelston

Steff Gelston is a professional journalist whose editorial career spans magazines, newspapers, and websites. She spent five years at International Data Group (IDG), including three years as a senior editor at CIO magazine with coverage oversight of IT staffing and the mid-market. Before joining IDG, Gelston was an assistant business editor at The Boston Globe. She has also worked for Inc.com, the Boston Herald, and the Boston Business Journal.