October 5, 2022
Improving patient outcomes has been top of mind for some time now in the medical field. Even before the Covid-19 pandemic, insurance providers and healthcare facilities were rushing to keep up with the constantly changing needs of an aging population.
Good Data Saves Lives
It’s pretty obvious the healthcare landscape is transforming, and it’s all down to data. Healthcare data governance represents a fantastic opportunity for growth, if harnessed correctly. Most of the major healthcare providers are bracing for digital transformation and some of the smaller providers are already coming around to the idea that good data saves lives.
The role of data is most important in the sphere of value-based care. Value-based care is a model of healthcare that values patient outcomes over the quantity of treatment delivered. It’s an incentive structure designed to nurture patients through a health care system toward the best possible outcomes.
Healthcare providers, physicians and pharmacies are encouraged to consider this model. It’s about providing medical treatments that ultimately lead to better outcomes for the patient.
Privacy Is The Main Issue
The major drawback, of course, is that most of the data is PHI (protected health information) and PII (personally identifiable information) that healthcare providers are legally required to protect under privacy laws like GDPR, CCPA and HIPAA.
The dilemma is obvious: how do healthcare leaders offer the best possible outcomes to patients while guaranteeing the anonymity of said patients?
Any data governance solution operating in the healthcare space must:
- Protect all data at source
- Maintain compliance even when local data laws change
- Allow users to optimize the patient experience via data discovery
Not a simple task, by any means.
The scenario is the same whether it’s an outpatient clinic, clinical research lab, or pharmacy. The task is to provide data security, protect sensitive information, but also use said information to make informed decisions.
“We needed to understand how we could leverage data that was forming in electronic medical record systems, claim systems, and pharmacy claims systems to really see the impact of new treatments,” explains Michelle Hoiseth, Chief Data Officer of Parexel, in a recent interview.
What Is Data Governance In Healthcare?
So why would a healthcare provider or a business working in the medical field implement an advanced data governance policy?
It Guarantees A High-Quality Level Of Analysis
Most healthcare organizations have multiple databases of both structured and unstructured data. The challenge is to group that data into a single platform that’s definable and accessible. It’s also a major challenge to ensure the anonymity of intellectual property and research data, which definitely contains PII and PHI.
One example of this is the pharmaceutical industry. Medical trial data includes trial patient data, which is classified as personal information, and also pharmaceutical research data, which is intellectual property. To complicate matters, there are probably multiple versions of anonymized data within that data set.
This now creates multiple sets of the same data. Duplication of data is even more common as patients move through the healthcare system and visit more than one physician or visit multiple facilities. This is where a homogenized data governance platform comes into its own because it negates the chance of having multiple data sets on multiple systems.
Storing the same data on multiple systems can cause:
- The creation of multiple data infrastructures, some of which become obsolete before others
- The introduction of human error as data is manually transcribed from one data set to another
Eventually, this bifurcation of data and patient information systems will lead to unintentional non-compliance; it is an inevitability of a decaying system.
It’s no surprise that this data is highly valuable to cybercriminals. Getting their hands on PII or PHI is the ultimate prize. Because of this, federal and state governments have put regulations into play that impose fines on non-compliant entities.
In all honesty, whether you’re a large healthcare provider like Encompass Health or a small dental practice in a retirement enclave, there’s a very good chance you handle data controlled under federal and local data laws.
No matter the size of the organization, it can easily fall foul of some of the most common data compliance regulations, like:
- General Data Protection Regulation (GDPR): European Union law that protects the privacy of data
- Health Insurance Portability and Accountability Act (HIPAA): US federal law that protects data privacy of patients
- California Privacy Rights Act (CPRA): California state law that protects consumer data.
It’s no surprise that in recent years hackers and cybercriminals have targeted PHI data. It’s valuable, easily recognisable, and can be sold on the black market to unscrupulous bad actors.
Just recently, Magellan Health had to pay out an eye-watering fine of $1.43 million after a data breach that put 270,000 patient records in the hands of cybercriminals.
The data included Social Security numbers, prescriptions, healthcare plans, identification numbers, authorization IDs, and patient diagnoses. Magellan said they couldn’t rule out that this data had been exfiltrated from the system during the breach.
The cause of this breach?
A single compromised employee email account…
Statistics show that:
- 91% of data breaches are financially motivated
- 66% of those breaches involved personal information
- 55% of those breaches involved personal healthcare information
Clearly, the criminals want this data. Their intention is to deceive overworked healthcare professionals and breach the system. Our duty is to stop this before it begins. We simply can’t afford to lose medical data and risk the ire of federal governments.
As medical data breaches reach fever pitch, so too will the laws clamping down on such activity. We have a duty to patients and lawmakers to prove that healthcare in 2022 and beyond isn’t a data breach risk.
The only way to do this is to understand the data at an intrinsic level, cut waste and build a clearer picture of patient information.