Improving patient outcomes has been top of mind for some time now in the medical field. Even before the Covid-19 pandemic, insurance providers and healthcare facilities were rushing to keep up with the constantly changing needs of an aging population.
It’s pretty obvious the healthcare landscape is transforming, and it’s all down to data. Healthcare data governance represents a fantastic opportunity for growth, if harnessed correctly. Most of the major healthcare providers are bracing for digital transformation and some of the smaller providers are already coming around to the idea that good data saves lives.
The role of data is most important in the sphere of value-based care. Value-based care is a model of healthcare that values patient outcomes over the quantity of treatment delivered. It’s an incentive structure designed to nurture patients through a health care system toward the best possible outcomes.
Healthcare providers, physicians and pharmacies are encouraged to consider this model, which is about providing medical treatments that ultimately lead to better outcomes for the patient.
The major drawback, of course, is that most of the data is PHI (protected health information) and PII (personally identifiable information), which healthcare providers are legally required to protect under privacy laws like GDPR, CCPA and HIPAA.
The dilemma is obvious: how do healthcare leaders offer the best possible outcomes to patients while guaranteeing the anonymity of said patients?
Any data governance solution operating in the healthcare space must:
Not a simple task, by any means.
The scenario is the same whether it’s an outpatient clinic, clinical research lab, or pharmacy. The task is to provide data security, protect sensitive information, but also use said information to make informed decisions.
“We needed to understand how we could leverage data that was forming in electronic medical record systems, claim systems, and pharmacy claims systems to really see the impact of new treatments,” explains Michelle Hoiseth, Chief Data Officer of Parexel, in a recent interview.
So why would a healthcare provider or a business working in the medical field implement an advanced data governance policy?
Most healthcare organizations have multiple databases of both structured and unstructured data. The challenge is to group that data into a single platform that’s definable and accessible. It’s also a major challenge to ensure the anonymity of intellectual property and research data, which definitely contains PII and PHI.
One example of this is the pharmaceutical industry: medical trial data includes trial patient data, which is classified as personal information, and also pharmaceutical research data, which is intellectual property. To complicate matters, there are probably multiple versions of anonymized data within that data set.
This now creates multiple sets of the same data. Duplication of data is even more common as patients move through the healthcare system and visit more than one physician or visit multiple facilities. This is where a homogenized data governance platform comes into its own because it negates the chance of having multiple data sets on multiple systems.
Storing the same data on multiple systems can cause:
Eventually, this bifurcation of data and patient information systems will lead to unintentional non-compliance; it is an inevitability of a decaying system.
It’s no surprise that this data is highly valuable to cybercriminals. Getting their hands on PII or PHI is the ultimate prize. Because of this, federal and state governments have put regulations into play that impose fines on non-compliant entities.
In all honesty, whether you’re a large healthcare provider like Encompass Health or a small dental practice in a retirement enclave, there’s a very good chance you handle data controlled under federal and local data laws.
No matter the size of the organization, it can easily fall foul of some of the most common data compliance regulations, like:
It’s no surprise that in recent years hackers and cybercriminals have targeted PHI data. It’s valuable, easily recognisable, and can be sold on the black market to unscrupulous bad actors.
Just recently, Magellan Health had to pay out an eye-watering fine of $1.43 million after a data breach that put 270,000 patient records in the hands of cybercriminals.
The data included Social Security numbers, prescriptions, healthcare plans, identification numbers, authorization IDs, and patient diagnoses. Magellan said they couldn’t rule out that this data had been exfiltrated from the system during the breach.
The cause of this breach?
A single compromised employee email account…
Statistics show that:
Clearly, the criminals want this data. Their intention is to deceive overworked healthcare professionals and breach the system. Our duty is to stop this before it begins. We simply can’t afford to lose medical data and risk the ire of federal governments.
As medical data breaches reach fever pitch, so too will the laws clamping down on such activity. We have a duty to patients and lawmakers to prove that healthcare in 2022 and beyond isn’t a data breach risk.
The only way to do this is to understand the data at an intrinsic level, cut waste and build a clearer picture of patient information.