Patient Centricity’s New Call to Action - Protect the Data!

Attention Chief Medical Officers, Chief Patient Officers, & Patient Advocates

Data breaches are not new. In November 2022, Senator Mark R. Warner (D-VA), Chairman of the Senate Select Committee on Intelligence, published a policy option paper outlining cybersecurity threats facing the healthcare industry. The paper found that cyberattacks had occurred over the last decade and had risen exponentially, reaching an all-time high in 2021.

In 2024, it seems as if data breaches have become a weekly norm and the industry appears numb to the news or simply accepts them in the mix of business. Where’s the outrage?

It’s time for the healthcare sector to get real about “patient centricity” and recognize the real cost of cybersecurity threats and data breaches. It’s not about the impact on a healthcare system, payor, or a pharmaceutical brand, the focus must be about the patient and a free credit report as compensation is not the answer.

Cybersecurity and patient centricity are two critical aspects of modern healthcare that must be harmonized for optimal patient outcomes and organizational resilience. It safeguards the confidentiality, integrity, and availability of patient data and healthcare systems, while patient centricity places the patient at the core of care delivery, ensuring their needs and preferences are prioritized.

Further regulatory is not the answer. Both HIPAA and the Patient Bill of Rights already mention or require digital protection for the patient. NIST’s latest updates to the Cybersecurity framework have also made it easier to implement and manage such precautions. Given the frequent breaches, how many organizations are truly following best practices and investing adequately in security?

As an industry, we must get past viewing cybersecurity as a cost center, when in reality, it is a component of patient centricity and a very critical element to establishing trust with patients.

We have witnessed clients pushing cybersecurity costs aside, viewing it as unnecessary or beyond a project budget. There needs to be alignment between Business, CIO, CSO, and CFO for proper planning and budgets. We only have to look at the cost and impact of recent breaches to determine that the cybersecurity investments of today are far wiser than the costs entailed with a breach.

As a Product Owner, Chief Medical Officer, or Chief Patient Officer, what can you do? 

Engage your CIO and CSO on the subject matter, raise your concerns, and ask them what they are doing on Cybersecurity for your initiatives involving patient data?  

More than likely, your concerns on data breaches are just as important to them. Based on a recent CIO.com article “10 projects top of mind for IT Leaders today”, Cybersecurity ranks second, just behind AI/ML.

As a project owner or patient advocate, you have the power to create a cybersecurity aware organization by addressing 4 areas of focus: 

1) Balance Security and Convenience:

Strike the right balance between strong cybersecurity and easy access to healthcare is crucial. Tight security makes it harder to get care, while convenience can leave data vulnerable.

Take a risk-based approach, finding important data and using security controls that fit the risk. User-friendly tech like biometrics and single sign-on can improve both security and ease of use, making it easier for patients to get care while keeping their information safe.

2) Empower Patients through Secure Data Access:

Putting patients in control of their care (patient centricity) requires secure access to health records. Secure portals and apps let patients see test results, book appointments, and message providers, boosting their involvement and self-care.

These tools need strong defenses against cyberattacks to keep patients trusting the system and avoid data breaches. This means using secure logins, data encryption, and regular security checks to protect patient data while still offering convenient access.

3) Foster a Culture of Cybersecurity and Patient Safety:

Building a culture that prioritizes both cybersecurity and patient safety is key. Healthcare organizations should train all staff in cybersecurity to create a shared responsibility for protecting data and systems.

At the same time, they should promote a patient-centered approach, encouraging open communication and teamwork between security, clinicians, and patients. This approach ensures security measures consider patient needs and experiences, minimizing disruptions to care.

4) Collaborate and Share

Tackling the complex challenges of cybersecurity and patient control requires collaboration. Healthcare organizations should join industry efforts, sharing best practices, threat intel, and lessons from cyberattacks.

Working with patient groups and getting patient feedback can also help develop secure, user-friendly solutions that meet patient needs and expectations, building trust and improving care overall.