A new healthcare security paradigm is needed to make PHI data valueless
Anthem's 2015 data breach exposed the records of nearly 80 million people, many of whom were not even Anthem customers. Anthem also processed records for members of other independent insurers (including other Blue Cross Blue Shield plans), so the private information of those members was exposed in the same breach.
A hospital environment generally has stronger data security controls. But Protected Health Information (PHI) does not stay inside the hospital: insurers, outpatient centres, physical therapists and home healthcare workers all need access to it, and security in these collaborative environments outside the hospital's perimeter is far less robust. The degree of this collaboration between healthcare professionals and payers will only increase. Government and private healthcare organisations will try to reduce costs by using more preventative medicine and outpatient services to keep patients out of the hospital, which means more PHI flowing to more parties with weaker controls.
The fundamental problem with today's approach to healthcare data is that PHI is linked to real names, dates of birth, addresses and Social Security numbers. The truth is that we can improve data security, but probably only incrementally; as technology gets more complex there will always be ways to penetrate defences and reach data that can be sold, and identity theft is a very lucrative business. Under HIPAA, small healthcare organisations are held to the same standards as large ones with far greater financial resources. We need a new paradigm, and that paradigm is to make the data valueless to a thief.