Why Trust Versus Security and Privacy, Is Holding Back Innovation with Medical Data

Innovation and Medical Data

As healthcare organizations continue to sift through attempt to maximize the potential of the massive collections of health data, trust has become the polarizing topic. Understanding how professionals in the supply chain (doctors, hospitals, insurers) collect, use and disclose health data on an everyday basis, and the potential opportunities to revolutionize healthcare are among the first steps to making the large data sets usable and fostering trust.

Often security and privacy are cited as barriers to using data, but really what regulators and end users are worried about is misuse and abuse of data. It’s not to say security and privacy are not important, but there is an overarching issue of trust that is not adequately addressed. Thought about differently, you can have security and privacy, but these don’t mean as much without building a trusted ecosystem.

How do you build and maintain trust in the world of digital healthcare? And how do you do this in a world where conducting data analysis on large sets of data is crucial to not only revolutionizing healthcare but saving lives? For example, the ability to analyze datasets of pacemakers will have lifesaving capabilities if we can better understand how and why they might malfunction.

What instills trust in humans is not always easy to define. I see trust as the intersection of three components: (1) transparency in provider practices, (2) meaningful engagement with customers, and (3) ethics, that is, focusing on doing the right thing. As it relates to the first component, many organizations are starting to maintain a trust section of their website where they seek to offer greater transparency to customers about their practices. Often visitors will find explanations of how the organization uses data, they share it with, and a code of principles that guide their uses of data on the trust section of the organization’s website which ties into the second component. Trust forms the foundation for effective communication and customer retention and is maintained by small actions over time. It is not so much a matter of technique as it is a reflection of character. Organizations that seek to do business in a truthful, straightforward and authentic way, as opposed to a slick website and expertly-crafted communications that are deceptive, will win over customer trust which is really the essence of the third component of trust.

Further complicating matters in the realm of healthcare, trust has been significantly undermined by imperfect security and privacy measures. Most consumers have lived through a major healthcare data breach and, moreover, many are used to being asked to sign privacy notices often at the time of requiring medical treatment. Not only are patients often incapable of identifying when these notices may mislead them on the uses of their data, they are in no position to dispute the terms of such a notice when it is a pre-condition of receiving medical care. Consumer confidence in the healthcare is at a low given the failure of most healthcare organizations to maintain a semblance of basic trust as it relates to the three pillars described above.

However, the opportunity remains for the industry to galvanize and bring about a new code of trust. A code that, beyond regulatory measures, provides a consistent set of provider practices on how medical data can be used and what anonymization techniques should be applied. Such a code should be built with consumer-digestible explanations and be accompanied by a code of ethics that should span all parts of the supply chain ranging from insurers to hospitals to those that seek to build new services based on medical data. Trust is the cornerstone, the foundation, for everything that an organization or an industry wants to become in the future. My advice to the healthcare industry: take time to lay the groundwork well!

By Evelyn de Souza

Dana Gardner
Just as cloud computing initially seeped into organizations under the cloak of shadow IT, application programming interface (API) adoption has often followed an organic, inexact, and unaudited path. IT leaders know they’re benefiting from APIs -- ...
Derrek Schutman
Implementing Digital Capabilities Successfully Building robust digital capabilities can deliver huge benefits to Digital Service Providers (DSPs). A recent TMForum survey shows that building digital capabilities (including digitization of customer experience and operations), is the ...
Jonathan Custance
IoT and cloud computing are on the increase High-profile cybersecurity breaches are increasingly in the news, a prime example being the NHS incident of May 2017 when services were brought to a standstill for several ...
Gary Taylor
Hybrid Worker Risks Organizations are under pressure to secure their remote workers, but they are also worried about the potential impact on user experience. Can they have it both ways without compromise? The pandemic has ...
Alex Vakulov
Ransomware Database Targeting The scourge of ransomware is undoubtedly the most severe cyber security concern for home users and organizations these days. It revolves around taking important data hostage and demanding money, usually hard-to-trace cryptocurrency ...

SECURITY TRAINING

  • Isc2

    ISC2

    (ISC)² provides IT training, certifications, and exams that run online, on your premises, or in classrooms. Self-study resources are available. You can also train groups of 10 or more of your employees. If you want a job in cybersecurity, this is the route to take.

  • App Academy

    App Academy

    Immersive software engineering programs. No experience required. Pay $0 until you're hired. Join an online info session to learn more

  • Cybrary

    Cybrary

    CYBRARY Open source Cyber Security learning. Free for everyone, forever. The world's largest cyber security community. Cybrary provides free IT training and paid IT certificates. Courses for beginners, intermediates, and advanced users are available.

  • Plural Site

    Pluralsite

    Pluralsight provides online courses on popular programming languages and developer tools. Other courses cover fields such as IT security best practices, server infrastructure, and virtualization.