Overcoming the Data and Privacy Dilemma for Healthcare Consumers

By David MacLeod

Data, data, everywhere… The practical dilemma is that even as the increasing threat to data security is hitting the front page, healthcare industry leaders and pundits are in nearly universal agreement that far more – not less – consumer interaction and engagement with meaningful healthcare data is necessary to drive significant improvements in healthcare value.

It’s perhaps analogous to a person who needs water to drink, but the water around them is either saltwater or potentially contains harmful bacteria. Frustrating, to say the least!

Because of all the recent headlines, “the use of our data” now elicits many emotions – a lingering unease after Facebook mishandled the data of 87 million users, but also a sense of comfort for European Union consumers via the new GDPR regulation, which has very specific provisions to give citizens more control over how their personal data is collected and used.

With all the commotion about data, there is a new surge of emphasis on proper data usage. And in the healthcare industry, health plans and providers are – as any rational person might expect – expressing heightened concern and examining their own vigilance. It can be difficult to feel “safe” when you contemplate the awe-inspiring scope of an issue like Facebook’s data privacy breach. Although healthcare organizations endeavor to follow best practices, even the most prepared organizations can be subject to the challenge of data mishandling or even a breach.

Allow me to put the healthcare industry data security dilemma into practical terms. First, understand that the HIPAA and HITECH Acts establish minimum requirements for compliance with the Security and Privacy Rules, with the intent of these regulations being to define a common baseline across the healthcare industry. Second, understand that these regulations do not set forth best operational practices for assuring the protection of consumer data, nor do they impart a step-by-step security and privacy framework that establishes best practices for the dizzying array of computers and devices that consumers use today to interact with their health plans, doctors, hospitals and pharmacies.

To be sure, there are excellent and capable people, consultants and security-centric companies to drive and share best practices. However, I feel legacy technologies and existing platforms in healthcare will struggle to apply new security advancements at a sufficient rate to mitigate efforts by the “bad people” who plague multiple industries today.

Today’s healthcare consumer-interactive platforms need to be built on the fundamental principle of anonymity with security and privacy engineered into the core design, unlike those based solely on HIPAA. This includes applying the HITRUST CSF security framework and data segregation of PHI/PII from consumer facing capabilities. We began the development of our CaféWell Health Optimization Platform™ from the perspective that there needs to be a better way to deliver both an engaging, personalized user experience and a safe, secure environment that also mitigates risk.

Thanks to our continued emphasis on data security, privacy and risk management, earlier this year Welltok was the proud recipient of the Info Security PG’s Global Excellence Award for Enterprise Security, Privacy and Risk Management. This prestigious global award recognizes cybersecurity and IT companies with advanced, ground-breaking products, solutions, and services that are helping set the bar higher for others in all areas of security and technologies.

As my intent is not to be overly technical, I’ll conclude with this thought. Figuring out how to help consumers benefit from more data about themselves without increasing the risk of exposing their identity is not easy…but it is possible!