In today’s information economy, data is currency.
If we all thought about data as if it were money, we’d be much better off because we’d be much more careful about who we share it with and who has access to it. Brick-and-mortar banks use alarm systems, bank guards and steel-walled vaults to physically protect our dollars, so we feel safe letting them protect our hard-earned cash.
But too often we allow our private data to be stored by entities that don’t have the data equivalents of alarms, guards and vaults. The companies we entrust with our private data currency seem to be stuffing it under their digital mattresses and hoping no one breaks in while they’re not home.
No data currency is more private or more valuable to us than our healthcare information, rightly making it the largest privacy concern in this country today. The government incentivizes healthcare providers to adopt electronic medical records and penalizes those who don’t. The authorized electronic sharing of patient information between doctors allows quicker and more accurate patient treatment and saves lives and, eventually, money.
However, if you can’t protect the data, then the supposed benefits don’t outweigh the risks. Policy-makers assumed they could legislate privacy, pushing the American healthcare system to digitize private information before it could ensure security.
Consequently, even the perception that there could be a breach can keep people from seeking the treatment they need. For example, one in every eight patients jeopardizes their health to protect their personal privacy by avoiding early diagnosis and treatment and hiding other critical information. The thought of losing control of privacy keeps millions of people from seeking medical attention, especially those with stigmatizing health issues such as cancer, HIV/AIDS, other sexually transmitted diseases and depression.
Electronic medical records are supposed to improve our health, but instead they are contributing to a lack of trust in the medical profession and ultimately a more unhealthy society.
If a bank loses our money, there are protection mechanisms like the FDIC to help us recoup our losses, but private healthcare information that becomes public can never become private again. It can cause the loss of job opportunities or income, increased insurance rates or complete loss of insurance eligibility, strained personal relationships and plain old embarrassment.
So what can we do?
The information privacy and security industries are converging. Privacy is the right to determine what information about yourself you share and with whom you share it. Security is the technological ability to enforce privacy, ensuring you have access to and control over reliable, accurate data. The protection of privacy is one of the objectives of security. Confidentiality can only be achieved where privacy and security overlap, inextricably linking the two fields.
(ISC)² and the IAPP have collaborated to develop webinars, joint events for chapters and continuing education, increasing the resources and services available to professionals in both security and privacy. Whether you work primarily in privacy or security, I suggest becoming proficient in both. An understanding of privacy and security will be necessary to succeed and progress in either field.
It goes without saying that we expect medical professionals to be well-credentialed, but what about the people working to protect your data in healthcare facilities? In the healthcare industry, certifications from privacy and security programs should be highly prized and displayed just like a doctor’s diploma. Rigorous certifications that require continuing professional education, like those earned from (ISC)² and the IAPP, let patients know that a facility is dedicated to protecting its patients’ rights and invests in training its employees to do so.
Even with the best privacy policies and the best security technology, there is still one thing that can confound our best-laid plans: the human element.
Whether you are protecting electronic medical records, online banking information or just your email account, the availability of information creates risk. Firewalls and encryption may be in place to protect our data currency, but with security, we are often our own worst enemies, bumbling security guards who unwittingly hand phishers and scammers the keys to our vaults.
Everyone who has access to digitized healthcare information needs training on the principles of information security. Without that, even the best security cannot protect your data currency. Education on information security will help people feel confident in their ability to keep their information private and begin to restore the trust that government and corporate breaches have eroded.