Posts

How Healthcare Is Cracking Down on Data Privacy

The COVID-19 pandemic emerged more than a year ago, and come March, the United States will also pass the one-year anniversary of the novel coronavirus’ arrival in our nation. Hospitals have become overrun with patients, having to adjust for space even when they’re at full capacity. The colder months are bringing on more infections as well.

With such high demands on health care providers, technology has been an area of assistance through it all. Telehealth in particular allows patients to stay at home and receive care without putting themselves at risk. However, security and privacy concerns accompany this reliance on technology.

The digital world can be dangerous. Hacks and breaches can occur at any time. The novel coronavirus pandemic has accelerated these attacks. Through August 2020 alone, 305 healthcare data breaches occurred — which is up from 2019’s 136 breaches in the same time frame. These vulnerabilities cannot continue to occur, since health care facilities hold vital patient information like Social Security numbers, medical records and financial information.

The industry is resilient, though. Adapting to new norms and protocols is part of the healthcare field. With the new focus on technology to connect patients and providers through the ongoing pandemic, practices have been cracking down on keeping data safe and secure.

Health Care Industry Adapts

Data presents itself in the health care industry in several ways. Standard patient data includes personal information about health history, relationships and private matters. Other forms of data may include connections from medical devices that use the internet — something like a digital blood pressure monitor may transmit data. Then, providers must store and send this data at various times.

The Health Insurance Portability and Accountability Act sets forth two main regulations facilities must follow. The security rule mandates that the use of all electronic personal health data must be stable in any form or use. The privacy rule indicates that all medical records, insurance information and private data must have the best protection.

In 2017, 477 breaches affected about 5.6 million patient records, breaching what should have been secure HIPAA data. To uphold HIPAA regulations and prevent breaches like these from happening, health care providers have taken several steps.

First, education is crucial. Bringing all staff in on up-to-date privacy protocols will go a long way. For instance, using encryption on mobile devices, backing up all data, creating strong passwords and consistently patching and updating the systems and firewalls are critical for staff to understand.

Access is another form of protection. Multi-factor authentication, like passwords, keys, PINs and biometrics, will keep systems secure and only give access to those who need it the most. Then, facilities can monitor data at all times — unauthorized access, emails and transfers. If something suspicious happens, IT departments can see it in real time and flag it or stop it.

Last, consistent evaluations are more necessary than ever. Health care facilities will want to make sure they comply with industry and privacy requirements, and that staff members know the protocols to follow. Then, data privacy remains a top priority.

The Lasting Impact

Vaccines are slowly rolling out and becoming more available to residents across the world. However, even with a vaccine, global spread will slow gradually, especially in areas where cases are high and rising. For instance, the United States cases are still rising and breaking records daily.

Data will continue to be a central focus throughout the pandemic and afterward. Right now, specifically, with big tech companies facing scrutiny and investigations for privacy faults, data is at the forefront of Americans’ minds. Health care companies must excel in ways that big tech has not.

One sign of progress is new mental health startups popping up that focus on virtual dynamics. With services like Real Therapy or Two Chairs, you can make a virtual appointment. Since privacy is already an inherent part of therapy, data privacy will be critical to integrate into these business models.

Getting Ahead of the Curve

While the pandemic may seem uncontrollable at times, health care facilities have more agency. They can smooth relationships with patients and operate more efficiently with stricter data privacy protocols in place. In an uncertain time, ensuring data security is one of the best things health care providers can do.

5 Data Privacy Predictions for 2021

2020 has been a significant year for data management. As businesses face new technological challenges amid the COVID-19 pandemic, issues of privacy have spent some time in the spotlight. In response, data privacy could see some substantial changes in 2021.

Few people will emerge from 2020 with an unchanged perception of data security. As these ideas and feelings shift, some trends will accelerate while others get replaced. Businesses will have to adapt to these changes to survive.

Here are five such changes you can expect in 2021.

International Data Privacy Standards Will Increase

Privacy concerns over Chinese-owned app TikTok caused quite a stir in 2020. With the TikTok situation bringing new attention to privacy in international services, you’ll likely see a rise in international regulations. China has already announced new security standards and asked other countries to follow.

2020 has cast doubt over a lot of international relations. More countries will likely issue new standards to ease tension and move past these doubts. This trend started before 2020, as you can see in Europe’s GDPR, but 2021 will further it.

Customers Will Demand Transparency

Governments aren’t the only ones that will expect more of tech companies’ privacy standards. Since things like TikTok have made people more aware of what apps could access, more people will demand privacy. In 2021, companies that are transparent about how they use data will likely be more successful.

According to a PwC poll, 84% of consumers said they would switch services if they don’t trust how a company uses their data. Data privacy isn’t just important to authorities or businesses anymore. The public is growing more concerned about their data, and their choices will reflect it.

Security Will Become More Automated

In response to these growing expectations, businesses will have to do more to secure people’s data. Cybersecurity companies are facing a considerable talent shortage thanks to pandemic-related complications, though. The data security world will turn to automation to fix both of these problems.

With so many businesses changing the way they operate, cybersecurity will have to become more flexible too. Automating some processes through AI will allow companies to achieve that flexibility. Security AI is still relatively new, but as it develops, it could take off in 2021.

Security Data Analytics Will Become the Norm

Big data analytics have already become standard practice in many business applications. In 2021, more companies will start using them to improve their data privacy measures, too. With major companies like Nintendo and Marriott experiencing significant data breaches this year, more will turn to analytics to find any potential shortcomings.

No one wants to be the next data breach news story, especially with more people paying attention to these issues now. Data analytics can highlight operational improvements, showing companies how to better their data security measures. With data privacy in the spotlight in 2021, taking these steps is crucial.

Third-Party Risk Assessments Will Be More Crucial

As people demand better privacy protection, businesses will have to consider their third-party partners. Consumers will be more critical of companies giving third parties access to their data. As a result, companies will have to perform more risk assessments on any third party.

Third-party data breaches affected companies like General Electric and T-Mobile in 2020, exposing thousands of records. Customers will expect businesses to hold their partners to higher standards to avoid these risks.

2021 Could Be a Landmark Year for Data Privacy

Data privacy is more prominent than ever before, mostly due to a few notable scandals. Now that the general public is more aware of these issues, businesses will have to meet higher standards for data privacy. Implementing data security processes may cause some disruption and confusion at first, but it will ultimately lead to a safer digital landscape.

All of these changes could make 2021 a turning point for data security. With higher expectations from consumers and authorities, data management will become more secure.

Consider Anonymization – Process Mining Rule 3 of 4

This is article no. 3 of the four-part article series Privacy, Security and Ethics in Process Mining.

Read this article in German:
Datenschutz, Sicherheit und Ethik beim Process Mining – Regel 3 von 4

If you have sensitive information in your data set, instead of removing it you can also consider the use of anonymization. When you anonymize a set of values, then the actual values (for example, the employee names “Mary Jones”, “Fred Smith”, etc.) will be replaced by another value (for example, “Resource 1”, “Resource 2”, etc.).

If the same original value appears multiple times in the data set, then it will be replaced with the same replacement value (“Mary Jones” will always be replaced by “Resource 1”). This way, anonymization allows you to obfuscate the original data but it preserves the patterns in the data set for your analysis. For example, you will still be able to analyze the workload distribution across all employees without seeing the actual names.

Some process mining tools (Disco and ProM) include anonymization functionality. This means that you can import your data into the process mining tool and select which data fields should be anonymized. For example, you can choose to anonymize just the Case IDs, the resource name, attribute values, or the timestamps. Then you export the anonymized data set and you can distribute it among your team for further analysis.

Do:

  • Determine which data fields are sensitive and need to be anonymized (see also the list of common process mining attributes and how they are impacted if anonymized).
  • Keep in mind that despite the anonymization certain information may still be identifiable. For example, there may be just one patient having a very rare disease, or the birthday information of your customer combined with their place of birth may narrow down the set of possible people so much that the data is not anonymous anymore.

Don’t:

  • Anonymize the data before you have cleaned your data, because after the anonymization the data cleaning may not be possible anymore. For example, imagine that slightly different customer category names are used in different regions but they actually mean the same. You would like to merge these different names in a data cleaning step. However, after you have anonymized the names as “Category 1”, “Category 2”, etc. the data cleaning cannot be done anymore.
  • Anonymize fields that do not need to be anonymized. While anonymization can help to preserve patterns in your data, you can easily lose relevant information. For example, if you anonymize the Case ID in your incident management process, then you cannot look up the ticket number of the incident in the service desk system anymore. By establishing a collaborative culture around your process mining initiative (see guideline No. 4) and by working in a responsible, goal-oriented way, you can often work openly with the original data that you have within your team.