Privacy & Security: An Important Concern in the Growing Indian Healthcare Market

By: Shabnum Khan, Founder, 750ad Healthcare

With everything going online, especially since the pandemic, information security and privacy in the healthcare sector are a matter of great concern. The procurement of digital patient records, enhanced regulation, provider alliances, and the escalating need to exchange information between providers, patients and payers all emphasize the need for better information security in the healthcare sector.

Privacy is the fundamental governing principle between a patient and the physician, and it lays the foundation for effective delivery of healthcare. Patients are required to share information with their doctors/physicians to enable accurate diagnosis and treatment, especially to avoid unfavorable drug interactions. But in certain situations, such as health issues pertaining to psychiatric behavior and HIV, patients may be reluctant to disclose vital information out of fear that the revelation may lead to discrimination and social stigma. Over the course of treatment, a patient's medical record gathers substantial personal information, including history of medical diagnosis, personal identification, digital renderings of medical images, data of treatment received, medication details, dietary habits, genetic information, sexual preference, employment details, income, psychological profiles, and the doctor's personal assessments of behavioral and mental state, among others. Hence, the healthcare industry holds a pool of information that, if mishandled, can lead to serious consequences.

According to the 2018 data available, Verizon's annual Data Breach Investigations Report analyzed 1360 security cases involving the healthcare sector worldwide and determined that 58 percent of the instances were caused by individuals from within the organization and 42 percent were triggered by external threats. In fact, according to the data, healthcare is the only sector in which internal people are the biggest menace to an organization. Among the illegal security breaches, healthcare professionals are accountable for stealing patient records and selling them on the dark web. Patients' data is used to open credit card lines, or sometimes the professionals fail to store sensitive data securely, exposing the patients to a larger threat.

Some key steps that the healthcare industry as a whole must take to develop a more secure system are:

1. Improve the security & resilience of IT procedures in healthcare.

There is a need to cultivate transparency so that patients/users can better understand the systems they are using, and to ask manufacturers to take a larger initiative in handling security risks over the entire lifetime of the product/platform rather than just at launch. The healthcare sector must also strengthen its verification methods. Healthcare authorities often use straightforward passwords as their log-in credentials. Instead, all platforms must adopt a two-step verification approach to passwords, which makes accounts more difficult to breach.

2. Develop the necessary team in order to focus on cyber security awareness and technological capabilities.

The need for recruiting, training and retaining cyber security experts in order to develop a strong and secure interface cannot be neglected. It is advisable and important to create cyber security leadership roles within healthcare companies, establishing a feasible ratio of cyber security experts to healthcare workers and creating new cyber security training programs with accreditations in the medical sector. The particular needs of various healthcare providers should be taken into account, along with traits such as group size and existing resources.

3. Identify methods to protect R&D efforts & intellectual property from threats or disclosure.

In several countries, including India, a huge amount is invested in healthcare-related R&D, and such heavy investment makes the healthcare industry an ever more appealing target for intellectual property and trade-secret theft.

4. Develop more advanced methods for information-sharing of vulnerabilities, industry threats, & mitigations.

There is a strong need for sharing information about industry threats, and it is necessary to have discussions around ways to mitigate them. We must broaden the scope of safety information broadcasting and encourage annual readiness by engaging in drills to prepare the industry for attacks.

Apart from the privacy and security concerns that arise online, it is also important that all healthcare professionals maintain the secrecy and privacy of their patients and, where hard paper records are maintained, keep these in secure locations so that no individual's security is breached. We are in a very tough space currently: COVID-19 has changed the entire scenario, and maintaining patient records with thousands of COVID-19 patients being discovered daily is a very tedious task. While the entire health infrastructure is in a tough spot and working tirelessly to meet patient care and treatment demands, it is important that we simultaneously develop teams and cells that keep the data of these patients secure and away from any breach. By the time this virus subsides, a major chunk of the country's population will have their data registered in one hospital or another across the nation, and so while the government will have access to a huge amount of personal information, it must also look into securing the same.