In this issue of Health Management Technology, we devote special attention to the cyber attack on Anthem Insurance, the latest reminder that the chief ingredient of quality care – patient information – is highly coveted outside our industry by nefarious individuals, organizations and even foreign governments.
While I will defer to the experts we contacted to comment on the nature, scope and implications of the breach (you can find their insights within our expanded Compliance section), I would like to suggest that our industry refrain from the Chicken Little mentality that seems so prevalent because, contrary to popular opinion, the sky is not falling. Look at it closer. It’s opening.
If we wipe away the years of accumulated fear and uncertainty surrounding the herculean task of protecting patient information, we can focus on the reality of the situation: The healthcare industry cannot act as the sole protector of the data it creates. Don’t be embarrassed by this admission. Embrace it. Drop the pretense that our industry ought to be capable of such an undertaking on its own. Let’s use this climate of uncertainty to our advantage by seeking stronger partnerships outside our field. Let’s go find people with tremendous resources, knowledge, experience and skin in the game that are not the same as ours, but who share our desire to protect our customers’ personal information. If you think there are not legions of compatriots in our cause, try to name a sector that is not terrified that tomorrow is the day they become victim to what seems to be an inevitable crime. There are great minds outside healthcare that can help us. We just have to find them.
One set of partnerships that healthcare should work to galvanize is with local, state and federal government agencies. Yes, I know. Many feel that healthcare’s not-so-functional relationship with the government is one of the reasons patient data breaches are so difficult to mitigate in the first place. However, it is without question that the security of patient data is tantamount to our physical security, and government agencies at every level have the duty to protect citizens and their property. We need to push for their support immediately. Together, the two entities should create a national plan of action that not only protects our data but also punishes those who unlawfully gain its access. A precedent for such support was made by the Obama administration when it created economic sanctions against the government of North Korea for its suspected involvement with the Sony data breach. If a film executive’s email about Angelina Jolie’s marketability warrants federal protection, then our patients’ medical records do as well.
In addition, healthcare must create better relationships with security experts from other industries such as retail, entertainment and finance. A quick review of national headlines demonstrates that data breaches are in no way a problem exclusive to healthcare organizations. Why can’t our industry be open to the ideas, as well as the data standards, of other fields? Why can’t healthcare lead the charge for more inter-industry collaboration among IT security? Why can’t we be the driving force behind the creation of a new, global approach to data protection?
Finally, and possibly most obviously, the healthcare industry members fighting on the front lines of this battle must truly partner with one another. Instead of tolerating the divisions that seem to be present at every level of decision making within our field, we should make more substantial efforts to leverage our various perspectives, not promote our personal agendas. We are all in this together, so we have to decide together if the sky is falling and the end is near for us all, or if this crisis offers unique opportunities to grow in ways that otherwise would not be possible. Believe it or not, the choice is ours to make.