top of page

The Skyrocketing Volume Of Healthcare Data Makes Privacy Imperative

By Nick Culbertson Aug 6, 2021

Source: Forbes

Photo Source: Unsplash, Carlos Muza

After an explosive year for telehealth utilization, contact tracing, outbreak tracking, virus testing, remote work, and medical research, it’s safe to assume that the estimate turned out to be low, and healthcare is generating even more data than the organizations protecting it anticipated or prepared to handle. Drowning In Vulnerable Data While accounting for a rapidly multiplying amount of data — and data that is highly sensitive in nature — healthcare is uniquely ill-equipped to protect it. An International Data Corporation report sponsored by Seagate Technology delivered this blunt assessment: “IT investment in healthcare is among the lowest of all industries. As a result, IT departments have difficulty catching up with data management challenges, let alone investing in advanced architectures, edge computing, robotics, and other necessary technologies.”

The conclusion won’t surprise anyone familiar with healthcare’s bureaucratic intricacies and its cautious adoption of new tools. When competing with direct patient care initiatives for limited budget, basic data privacy measures tend to take a backseat — let alone more resource-intensive efforts to harness the rich clinical and operational insights that data can provide.

As their data loads swell, though, health system leaders are being forced to realize the consequences of sidelining investment in IT improvements. We know from my organization’s annual Breach Barometer that in 2020, publicly reported hacking incidents affected more than 31 million patient records, and ransomware attacks, in particular, more than doubled from 2019.

Many organizations hit by hackers ended up reverting to paper records for indeterminate stretches of time, too often leading to patient diversion, revenue loss and jeopardized trust. Months or years down the line, affected systems could still be battling reputational damage and lawsuits related to the incident.

Patient data isn’t just alluring to hackers wanting to turn a profit on the black market or squeeze ransom payments out of large organizations; it can also be misused by the average employee who has been entrusted with access. At one Cedar Rapids, Iowa-based hospital in 2017, a then-patient care technician illegally accessed and shared the medical records of her ex-boyfriend (who wasn’t her patient), essentially weaponizing them against him.

Sadly, similarly inappropriate access isn’t uncommon, as evidenced by the fact that my organization found healthcare insiders were responsible for 20% of all breaches in 2020. The finding underscores that as healthcare organizations amass greater and greater quantities of sensitive, highly sought-after patient data, the assorted threats to keeping it private are growing in lock-step.

What To Do With All This Data The vast quantity of data at health systems’ fingertips is extremely vulnerable, but it also wields an enormous amount of power. It can be harnessed to solve any number of problems, from clinical challenges to operational challenges.

To tap into the insights that patient data holds, it’s imperative that healthcare organizations prioritize investments in health IT, blockchain and analytics, as the International Data Corporation concluded. However, in their endeavors to leverage patient data, health systems must also ensure its privacy to prevent costly breaches and their various consequences.

Fulfilling this obligation will specifically require strategic investment in analytics that use artificial intelligence and automation to audit access to patient data and that alert compliance professionals to the most suspicious events with high accuracy. This kind of advanced technology strategy can help mitigate risks associated with mass quantities of patient data, while also helping organizations leverage it in a way that improves operational efficiency and financial stability.

When determining whether a privacy solution is worth investment, health systems should consider metrics such as false-positive rates, reduction in privacy violations over time, full-time equivalent requirements and case resolution times. It’s also important to select a vendor that not only understands the healthcare landscape but builds its product roadmap to meet health systems’ evolving needs.

Despite the data explosion that will certainly continue in an era characterized by remote work, telehealth utilization and electronic prescribing, advanced analytics can give healthcare organizations a fighting chance to effectively protect patient privacy. For those who fail to prioritize investment in next-generation solutions as the volume of sensitive data grows, a financially and operationally crippling incident is just one improper access away.

How is your medical data monitored? How is your medical data at risk? How is this a privacy risk? How does this impact your health?



If this article was helpful to you, donate to the Shidonna Raven Garden and Cook E-Magazine Today. Thank you in advance.




bottom of page