The Challenges of Communicating Health Data Security
March 17, 2015
March 17, 2015
Last month’s massive security breach of leading health insurer Anthem Inc. gave reason for many to worry as hackers accessed up to 80 million electronic health records from patients. This compromise of social security, employment, and personal information is only the most recent contribution to an ongoing conversation about the industry-wide vulnerability of Health IT.
In addition to the enormous responsibility insurers and providers face with regard to protecting the privacy of patients, the risks associated with electronically storing valuable medical and financial information exposes multiple challenges from a communications perspective.
Most immediately, and perhaps most dauntingly, providers and their communications teams must prepare for and respond to crises, such as a large-scale security breach. Anthem provides an interesting case study, as detailed in an evaluation of the company’s response to the situation from the Wall Street Journal. Upon discovering the breach, Anthem notified the federal government and within days publicly announced the crisis.
“Anthem’s own associates’ personal information – including my own – was accessed during this security breach,” writes the insurer’s CEO in a letter to its members. “We join you in your concern and frustration, and I assure you that we are working around the clock to do everything we can to further secure your data.” While many praise Anthem for its transparency and empathetic apology in response to the breach, others contend that such a swift effort to speak resulted in vague communication that didn’t properly inform people about the extent to which their records were compromised.
While the looming possibility of a breach requires careful crisis planning and action, healthcare IT also presents the subversive challenge of communicating health data security when everything seems to be running smoothly. This rings especially true while navigating a media landscape that puts such a focus on how to best protect a patient’s privacy.
In contemplating this issue, health insurers and providers face a paradox in weighing the risks of speaking publicly about their safeguards. While it may seem ideal for organizations to position themselves as thought leaders within a competitive industry, the potential for attracting unwanted security threats from those eager to pull off a technological heist is enough of a reason to remain strategically silent on the topic.
If organizations do choose to highlight their leadership during what some may already be dubbing ‘The Year of the Healthcare Hack’, insurers and providers certainly won’t want to reveal too much information about their technologies. Publicly, they can communicate that privacy and continued evaluation of best practices are a top priority as they continue to heed the recommendations of security experts. It may also be a good idea to reassure patients through internal newsletters of their progress in maintaining the safety of health records. As the dust settles in the aftermath of healthcare’s most recent breach, it will be interesting to observe how organizations talk about their security—if they choose to talk about it at all.