In the new era of frequent cyber attacks, healthcare providers are finally taking an active role in improving data security. According to the 2015 HIMSS Cybersecurity Survey, 87% of respondents indicated that information security had increased as a business priority at their organizations over the past year. For many, this added interest has included bringing on a Chief Information Security Officer (CISO) to manage all data operations.
Aside from the obvious benefits of more in-house data know-how, there are several important reasons why having a data security expert at the C-level can have a positive impact on your organization, perhaps most notably within the healthcare revenue cycle.
- Data breaches and security risks are more prevalent than ever and their consequences are often disastrous. Due to the automation of clinical records, more and more sensitive patient information is being collected and stored by healthcare providers, making healthcare organizations a prime target for hackers and security threats. In February and March of 2015, health plans for Anthem and Premera Blue Cross were attacked, compromising the health data of 79 million and 11 million people, respectively. In May 2014, the U.S. Department of Health and Human Services hit Columbia University and New York-Presbyterian with a record $4.8 million fine after sensitive patient data was leaked to the internet.
- High-level ownership means emergencies can be mitigated swiftly. Traditionally, the C-suite has seen data security as a burden: an expense with no direct revenue stream. It’s no surprise, then, that many hospitals do not have even a single dedicated full-time employee in charge of data, let alone someone at the C-level. But having a trusted high-level employee, like a CISO, with direct access to the CEO is crucial, as data security breaches often require timely action, and the response cannot afford to be slowed by bureaucratic red tape.
- Single ownership increases accountability. Spreading the responsibility for data security over several positions can cause problems, especially when it comes to accountability. The CISO would ideally act as a spokesperson for data integrity, managing the strategic and tactical aspects of information technology while acting as a liaison between the business and IT sides of the organization.
- The board will start to demand it, if they haven’t already. Board members are becoming increasingly aware of the need for drastic data security measures, especially since only 11% of board members across industries say they have a “high level” of knowledge about the topic. This means healthcare providers are ready to hire, but because the industry showed little interest in security for many years, CISOs with healthcare experience may be hard to come by. Providers would be well served to start the recruiting process sooner rather than later.
- Better-protected data will lead to cleaner data. A critical step in securing data privacy is understanding how data is reviewed, processed, and managed across the enterprise. This critical review will surely surface issues with data management and data governance. Ensuring data is clean, accurate and complete will lead to business process efficiencies. Clean, well-protected data will provide better business performance and a more secure environment.
It’s not enough for healthcare providers to take a passive approach to data security any longer. As the complexity of the data collected and stored continues to evolve, an expert is needed to stay abreast of changing technologies. Is a CISO the right fit for your organization? The next step might be to conduct a risk assessment and develop a plan to address the biggest risks from the top down.