Digital Health Services Face Security Issues

Michael Bruemmer


June 1, 2014

As mobile and online health care services continue to grow in popularity, consumer engagement with the health care industry has gotten stronger. Thanks to these advances, consumers are now able to engage more efficiently with their health care providers and, in turn, health care providers can offer real-time monitoring and timely feedback.

But while these technologies have various benefits, they are also accompanied by many risks and vulnerabilities that can have a negative effect on a company's relationship with its customers. In fact, according to a study by the Ponemon Institute and Experian Data Breach Resolution, 56% of individuals surveyed are "either very concerned or concerned about the theft of their health-related personal information or insurance credentials." The risk of exposing information, from health symptoms to personally identifiable information (PII) or protected health information (PHI), has made many consumers reluctant to use online health services.

Overall, the study found that 58% of consumers consider accessing medical records online to be more risky than other web-based activities, such as shopping, social media or email. Consumers have a strong fear of medical identity theft, likely because the consequences can seem much more insidious than payment fraud and, in some cases, may be life-threatening for the victim.

Data security is critical to user engagement and retention. More than 80% of respondents said they would likely terminate their relationship with a mobile health application or online health resource if their information was breached. In fact, nearly 69% of those surveyed considered security more important than the privacy of their information (selling or sharing data with third parties) and anonymity (ability to be completely anonymous when using the online service or resource).

These numbers reinforce that companies should focus on security and privacy practices and fully integrate them into their current business structure, especially when a consumer's personal health information is involved. The survey indicated that organizations can increase consumer trust by limiting the collection of personal information needed to use an online health service. Half of digital health service users believe their privacy is protected when they can search health websites without having to provide personal information, for example.

While there is uncertainty as to who should be responsible for protecting the privacy and security of digital health service users (35% believe it should be government, while another 35% say it should be the online health service or mobile app provider), there is also an opportunity for companies to open a dialogue with their customers about privacy and security protocols.

Any health care organization should have a formal data breach response plan in place so they are ready to jump into action if and when an incident occurs. Being prepared includes frequently updating and practicing the response plan to ensure that clear communication channels are in place and everyone within the organization understands their role. Doing so will help mitigate potential damages and, ultimately, put health care organizations in a solid place to build and maintain customer trust.
Michael Bruemmer, CHC, CIPP/US, is vice president with the Experian Data Breach Resolution group.