Data Privacy Is Dead. Forget About It.
On Sunday, January 28, we officially observe Data Privacy Day. But the fact is: data privacy is dead. Countless data breaches and hack attacks over the past decade have proven your info just isn't safe.
Can better technology solve the problem? Will stricter regulations like Europe's GDPR make a difference? Can "best practices" ever be good enough? Perhaps.
But developing and implementing those solutions takes time. In the meantime, huge vulnerabilities remain and our data -- yours, mine, and everyone's -- is at risk.
Healthcare Industry Struggles To Protect Our Data
Consider, for example, news announced today in the Protenus Breach Barometer: Approximately 5.6 million patient records were breached in 2017 alone.
Protenus has a solid grasp on the severity of the problem. It makes an artificial intelligence platform used by medical centers to analyze every single action inside a medical record system. Its Breach Barometer is considered to be the definitive source for health data breach reporting.
The company says that, on average, the healthcare industry experienced more than one health data breach per day in both 2016 and 2017. There was a slight increase in the number of breaches reported, from 450 in 2016 compared to 477 in 2017. For both years, though, the numbers are frightening.
In 2016, Protenus reports that 27,314,647 patient records were affected by data breaches -- that's over five times greater than the number of records affected in 2017, thanks to several large hacking incidents in mid-2016.
While some numbers are going up, others are going down. Yet it almost doesn't matter, since the problem is still so severe.
A 'Terrifying Challenge'
One important note is that breach vulnerability isn't all about hackers infiltrating data centers from the outside. Protenus says the single largest health-records breach reported in 2017 was the result of insider-wrongdoing, when a Kentucky hospital employee inappropriately accessed the billing information of 697,800 patients over multiple incidents.
"Looking across all incidents in 2017," Protenus says, "insiders were responsible for 37% of the total number of breaches this year. In one particularly egregious incident of insider-wrongdoing, a hospital employee was snooping on patient information for 14 years before the breach was discovered."
That breach affected 1,100 patient records and it shows how detrimental insider threats can be for a healthcare organization. "While hacking incidents are often quickly discovered because of the immediate disruption they have on an organization's day-to-day operations, insider threats can remain undiscovered for long periods of time," Protenus warns. "On average, it took 308 days for an organization to discover it had suffered a breach in 2017."
That's almost a year -- nearly 10 months of patient data being exposed before the typical breach is discovered. Discovery of breaches remains a "terrifying challenge" for health providers everywhere.
Long Road Ahead
The Protenus report concludes that business associates and third-party providers also remain a major source of healthcare data breaches. "53 of the reported incidents, totaling 647,198 records breached, were the result of business associate or other third party access to health data."
The bottom line: We still have a long, long way to go before data privacy is real and reliable. For now, it's dead... not happening... so don't assume your data will be safe.
Of course, we can't really forget about it. Instead, we should use Data Privacy Day as a day to check our own security systems, check our own privacy settings, and remember, it's just a start.
The risks are real and data protection needs to be a top priority not only for healthcare providers, but for all enterprises and government entities, as well.
D. Kellus Pruitt DDS:
Posted: 2018-01-30 @ 5:20pm PT
@mitchd123: If electronic dental records are both more expensive and less secure than paper records; and fail to provide patients any tangible benefits over paper - which has a long, long track record for economy and safety - how can you discard it as a solution?
More than half of US businesses have been hit by ransomware - many more than once. 60% of small businesses (like dental offices) fail within 6 months of reporting a data breach.
You are simply wrong. Besides, the business of dentistry is far less complex than physicians' practices. Dental practices have successfully functioned without computers for decades.
Posted: 2018-01-30 @ 10:45am PT
Every day new innovation brings new solutions. For example decades ago we did not have blender technologies for bitcoin, etc. For example, we may stop providing doctors the patient names and use a unique key. Then allow patients to maintain privacy over their own records, interface with an insurance company directly to see actual rates, etc. eg: Today you'll be meeting with a 65 year old patient, and here are the patients non-identifiable records. Force insurance companies to provide a public rate for anyone who signs up, good or bad. Make the health insurance system, blind like the justice system. A simple DNA screen from an ancestry company may result in an entire lineage being disqualified from insurance due to potential illness. Privacy is essential to equitable health care.
@Kellus Pruitt DDS: Paper is not the answer. Try to do a study on dental fraud via paper, or move to another dentist, or a study on the impact of different chemicals in fillings for durability, etc, etc. Knowledge is power when it is unlocked and shared.
D. Kellus Pruitt DDS:
Posted: 2018-01-26 @ 2:25pm PT
Dentists should stick with paper records. They are not only safer than digital, but paper records are also cheaper. Besides, EHRs offer dental patients NO TANGIBLE BENEFITS over paper.