I'm curious about articles that are predicting what will happen in the healthcare sector in 2015. Did I miss the crystal ball giveaway? I would love to learn some lottery numbers, besides what was printed on last week’s fortune cookie.
If there was ever a business sector that redefines the word “unpredictable,” it has to be healthcare. Medical coverage for everyone? Where’s my Café au Latte and baguette? I feel like I’m in Europe. ICD-10 deadlines pushed back…what is “Groundhog Day!” The United States Postal Service compromised thousands of customers’ sensitive information; is anyone really surprised by this one?
How can anyone predict the business practices of an industry that has too many cooks in its kitchen? Maybe ACA will be repealed. Maybe ICD-10 will be delayed. Maybe the Republican Senate will storm in and take no prisoners. Maybes.
If there is one thing that is almost certain, it’s that technology will continue to evolve (maybe the Portland Trail Blazers will win a title); the evolution of technology always results in more available devices to consumers and we see upgrades happening at alarming speed.
Healthcare is quickly descending into a BYOD landscape – numerous articles and studies show physicians are using their own devices to communicate with patients. Surely they’re not the only ones.
What about my best friend who is the patient access manager for my physician, whom I texted regarding a test result when I missed the call from my doctor, her boss? Now, no one transmitted my social security number or bank account, but had a cyber-criminal stolen my friend’s phone, they would have had my name, address, phone number, and the fact that I had just had some lab work done. None of us intentionally set forth on the path of a potential data breach, but it could have easily happened.
Human error and the best intentions have been and will continue to be the cause of data breaches in 2015. Despite the large amount of publicity around this topic, it is not going away and I think we will continue to see an increase in data breaches. I know this, not because I found a crystal ball at an after-Christmas sale, but because humans are flawed. And for each flawed person, there are a dozen more who want to take advantage of them.
I am guessing when the powers that be at the Home Depot read the article about Target’s data breach, they thought, “suckers.” The same goes for P.F. Chang’s, Chase, USPS, Dairy Queen, Sally Beauty Supply, Michaels, Jimmy John’s, NYU, Montana Department of Public Health, Community Health Systems, Aventura Hospital, St. Vincent Breast Center, University of Pittsburgh, LA County Department of Health, St. Joseph Health Systems…it’s a long list.
You can spend time reading about trends, shaking your head at the offenders, and then go about your day. Or rather than being reactive, we can be proactive. No two breaches are identical. Identify your weakest link, educate your staff, examine responsibilities and tailor education that is applicable to each department. Create individualized policies and procedures by organizational branch. Who has the money, right? Spending the money on a risk assessment and staff training is far cheaper in the long run.
The average cost of a breach in the US (the costliest country) is $195 per record. The cost of staff training is roughly $30 per person. One thing I am certain of: that is not where you want your revenue to go.
Now where did I put that Post-it note with my passwords?