How Healthcare Can Manage Compliance with Fine-Grained Protection

The following is a guest article by Marlena Herrera, Director at Protegrity

Healthcare organizations are becoming more lucrative targets for hackers, as their data is rich with extremely sensitive information and is often susceptible to vulnerabilities. At the same time, the body of regulations governing the sector has grown in complexity, stemming from movements including the HIPAA Right of Access Initiative and fallout from the reversal of federally protected abortion access. Combined with the increasing number of digital-first health applications and services on the market, this makes protecting data at every touchpoint mission-critical.

As a response to the current volatile environment, many organizations are locking down their data to ensure complete protection. However, locking down data has serious implications for innovation, creating better customer experiences, and generating growth. Striking the right balance between protecting data and garnering insights from it is a difficult line to walk, and many organizations sacrifice innovation for protection. Yet this trade-off is not necessary: the two can co-exist with technology like fine-grained data protection.

Understanding Fine-Grained Data Protection

Fine-grained data protection protects data at its source and provides the ability to control the end-user experience with extremely sensitive information based on the intended users’ permissions. It exposes only the sensitive data that a person or team is required to see to complete their activities, and it can be applied across hybrid environments, no matter the size of your organization. For many, fine-grained data protection and other access controls can be implemented by third-party organizations that specialize in data protection. Other offerings, like role-based access controls (RBAC), often set their permission parameters on one or two properties, whereas fine-grained data protection can set parameters based on a multitude of properties. In healthcare, unauthorized access translates to compliance failures, potential lawsuits, additional financial losses, and even weakened brand reputation and loss of customer trust.

Let us look at an example of how healthcare can implement fine-grained data protection to better manage meeting growing compliance standards, while also allowing the data to be protected and useable.

Healthcare’s most valuable data is its patient or policyholder data. To a hacker or bad actor, one person’s medical file holds the information necessary to commit many crimes, including identity theft, the misuse of Medicare or Medicaid benefits, and even filling existing prescriptions for controlled substances. With fine-grained data protection, when a new or existing policyholder or patient enters the system, the information the billing team needs is not relevant to the provider and vice versa. Based on their permissions, the billing team may only be able to access critical information including the policyholder’s billing address and payment information. The policy can be further refined based on the role of the team member, their job function, or the way they experience the fine-grain protected data.
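A minimal sketch of the billing-versus-provider scenario above, added here as an illustration and not any vendor's product or API. The record fields, the attribute names (`team`, `job_function`), the policy shape and the "most permissive matching rule wins" merge are all assumptions; fields with no grant are withheld by default.

```python
# Added illustration: field names, attributes and policy shape are assumptions.
RECORD = {  # constructed sample data, not a real patient
    "name": "Jane Example",
    "ssn": "000-12-3456",
    "billing_address": "1 Sample St, Springfield",
    "payment_card": "4000000000001234",
    "diagnosis": "J45.909",
    "prescriptions": ["albuterol"],
}

# Each rule: attributes that must ALL match -> action per field.
# "clear" returns the value; "mask" keeps only the last 4 characters.
POLICY = [
    ({"team": "billing"},
     {"name": "clear", "billing_address": "clear", "payment_card": "mask"}),
    ({"team": "billing", "job_function": "payment_disputes"},
     {"payment_card": "clear"}),
    ({"team": "provider", "job_function": "physician"},
     {"name": "clear", "diagnosis": "clear", "prescriptions": "clear"}),
    ({"team": "provider", "job_function": "front_desk"},
     {"name": "clear"}),
]
RANK = {"mask": 1, "clear": 2}

def mask(value):
    s = str(value)
    return "*" * max(len(s) - 4, 0) + s[-4:]

def decide(user):
    """Merge every matching rule; the most permissive action wins per field."""
    grants = {}
    for conditions, fields in POLICY:
        if all(user.get(k) == v for k, v in conditions.items()):
            for field, action in fields.items():
                if RANK[action] > RANK.get(grants.get(field), 0):
                    grants[field] = action
    return grants

def protect(record, user):
    """Return only the fields this user is granted; everything else is withheld."""
    grants = decide(user)
    view = {}
    for field, value in record.items():
        action = grants.get(field)
        if action == "clear":
            view[field] = value
        elif action == "mask":
            view[field] = mask(value)
    return view
```

A single-property RBAC check would stop at `team`; here the second billing rule narrows clear-text card access to one job function, and no rule ever releases `ssn`.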

By ensuring that patient data is accurate and accessible to necessary users, healthcare can make better decisions about how to best serve policyholders. And, when policyholders know their data is protected at the source, trust can continue to be developed. Developing trust is the best way for healthcare insurers and providers to reduce churn rates, particularly as most Americans (70%) feel failed by the healthcare system.

Creating a better customer experience in healthcare data drives additional initiatives that build a stronger innovation pipeline. By analyzing policyholder data trends, health insurers can learn where their resources are over or underutilized and adjust as needed to better balance their initiatives. Focusing on these trends in real-time also means your organization can take policyholder feedback into account quickly and streamline internal processes.

The Cost of Unprotected Data

Every organization has a different standard for data protection. The hard truth is that healthcare insurers cannot afford another breach of data and consumer trust with over 5.5 million individuals affected just this past September, primarily through unauthorized access or general hacking activity, according to the U.S. Department of Health and Human Services data breach portal. The steady stream of lawsuits trickling in from the fallout of these breaches will no doubt take millions of dollars in revenue to recover from once lawsuits and other regulatory costs pile up, not including the value lost from each policyholder that switches to a different provider or insurer.

In 2022, DigiCert found that 47% of consumers stopped doing business with an organization once trust was lost in the organization’s digital security. The way many healthcare insurers are protecting policyholder data is not working – and the policyholders are bearing the brunt of the breach as their personal data is publicly accessible without recourse. Even more, with the SEC’s newest cybersecurity rules, sectors and organizations of all types – including healthcare – must disclose material cybersecurity incidents within four business days from the date the incident is discovered as having an impact on private or public safety. Additionally, under these rules, organizations must share a yearly update on their efforts to identify and deter material cybersecurity breaches.

When data is your most valuable asset, protecting it should not come at the cost of innovation or creating better customer experiences. Solutions like fine-grained data protection are essential to helping healthcare insurers navigate the increasingly volatile cyber threat landscape as federal and sector regulations continue to work towards holding organizations accountable for the data they collect.

About Marlena Herrera

Marlena Herrera is Director, Customer Success, at Protegrity, with a focus on highly regulated industries such as healthcare, insurance, and the Department of Defense (DoD). With over a decade of experience in systems engineering, data protection, and customer success, Marlena leads Protegrity’s customer success arm, establishing processes to enable better customer experiences for industries rich in sensitive data.
