Keeping Information Secure Remains Top Of Mind For Health Plans
Security incidents that involve customer or member data are completely debilitating for a health plan’s business. On average, a data breach costs health plans $6.45 million. In addition to insurmountable fines and reputational damage, depending on the type of information disclosed in a breach, many organizations need to pay for credit reporting for the customers the breach impacts. For smaller plans with fewer resources and smaller budgets, all of these things combined or alone can drive a company out of business.
As companies continue to expand into the cloud and modernize the technology in their data centers, the ways to protect systems and prevent unauthorized access continue to advance. And as the ways to defend networks and systems improve, so do the methods that hackers use to try to infiltrate the infrastructure of those systems and gain access to data that can be used in devious ways.
Today, sophisticated cybercriminals are working to infiltrate not only the systems but also the backup systems, so it is crucial to protect not just the data but also those backups and the means to recover if security incidents occur. This is where having a strong health plan security strategy comes into play.
When it comes to disaster recovery, companies should look to their overall architecture and design to ensure they have high availability and redundancy in their systems; there must be backups and recovery means in place as well as disaster recovery plans. It is imperative to test those plans on a consistent basis as you must plan and prepare for the worst case.
Certifications like SOC2 Type2 and HITRUST prove that a health plan has achieved a high level of maturity that safeguards company and customer information. However, these certifications require significant time, executive commitment, and money. On the environment front, a health plan must ensure its systems and networks are secure and safe, and that the policies and procedures in place are efficient and effective. Audits are time-consuming; they require going through logs of information and validating that you’re following the proper protocols and guardrails set up within each specific certification. It can take months of procedural validations to confirm you are aligned with the controls of a certification.
Most leaders in healthcare are aware that it is vital to have security standards in place. But in my experience, it is the people or teams involved in day-to-day healthcare activity that must retain their focus on the importance of security. For payers of all sizes, but especially smaller organizations with limited resources and personnel, it is crucial that health plans have security training in place, so that all of the employees understand the importance of data privacy. A solid security approach should also include security newsletters and reminders to end users on safeguarding data and the correct security procedures.
Security around customer data is important to the business as well as the members. Without it in place, you’re putting your business at risk. Health plans are stewards of their members’ data and must do the right thing to maintain the privacy and protection of that data.