Matt Grob
Matthew Grob is a Solution Partner in the Healthcare Consulting practice at EMC and has over 25 years of experience in the Health IT industry, having started his career developing, implementing and supporting clinical information systems for an academic medical center in New York City.

Matt has spent the last 15 years in consulting where he has worked with healthcare providers of all types to leverage technology and process redesign to drive clinical and business improvements.
Waiter, Check Please
Written on December 20, 2011 in Healthcare, People

Someone to whom I am related – they shall remain nameless on the off chance that they read this blog – will not process any financial transactions over the Internet because they are concerned about the security of their information. That’s right – not just no on-line banking, but no Amazon, no Lands End, no Groupon either. Yet this is the same person who, after eating at a restaurant, will give their credit card to an arguably over-worked, under-paid, “doing this until my agent gets me a gig” waiter who then takes that credit card out of my relative’s sight for a few minutes.

What the . . .?

Aside from those like my relative, I would say that there are two types of people today who do freely provide their credit card information over the Internet or through some other electronic means:

  1. There are those who do so with little or no concern for the privacy and security of that data. They have either developed a sense of trust or the convenience factor outweighs privacy and security issues so they simply don’t care;
  2. There are those who do so with some trepidation but are careful – they may monitor what domain name they are on, they make sure that any pages collecting and processing information use the https protocol, and they use strong passwords. They may even monitor their credit card statements to watch for unauthorized charges. They have struck a balance between convenience and being careful, primarily because they recognize the value of electronic exchange of information while still aware that there are potential pitfalls.

Simply as an aside, I would guess those in group #1 use the default privacy settings on Facebook while those in group #2 tweak those settings. To those in group #1 – I can see those pics of you drunk at the company holiday party. You looked great in that reindeer hat.

I bring all this up (the credit card issue – not the reindeer pics) because it is commonly accepted that many people consider the privacy and security of their health information at about the same level as the privacy and security of their financial information. Yet the healthcare industry is woefully behind other industries in applying appropriate measures. Don’t misunderstand me – the regulatory protections are in place. HIPAA and HITECH are to healthcare what the Financial Privacy and Safeguards Rules of the Gramm-Leach-Bliley Act are to financial services. I said that healthcare is behind in APPLYING those measures.

And why is that? One reason is that historically, any efforts around disaster recovery and business continuity were focused on maintaining critical applications in a hospital, so that’s where the funding went. Computerized Provider Order Entry and Electronic Health Record systems had to have 5-9s availability, but other systems less so. Even though those other systems contained Protected Health Information, they often lacked adequate security simply because they were not deemed critical.

Another reason is that securing desktops was both onerous and impeded users’ perceived right to personalize and utilize devices as they saw fit. “What do you mean you’ve disabled the USB port? How am I supposed to use my <insert name of cool device that is unrelated to work here>?” In healthcare, there has been a culture of entitlement that includes computing resources.

Healthcare CIOs now realize that leveraging cloud computing, including virtualizing desktops, provides them with flexible and agile platforms that are much easier not just to manage, but to protect. It also provides a manner in which to secure desktops while still providing a personalized experience to the end-user. “That USB port? Sure you can use it – we just set up your session so you can’t offload protected data.” Especially in an environment in which sharing of personal health information is now not only being encouraged but also rewarded, “trust” is what must be built into the entire environment from end-to-end in order to foster both the convenience and value of information exchange. In Leveraging the Cloud to Meet Today’s Healthcare Challenges, we state that “Cloud computing enables healthcare providers to build the platform and weave the fabric of trust.” It is that fabric of trust that must cover (sorry about the pun) not just a patient’s information, but their perception of how seriously an organization takes their responsibility to protect that data.

Just as most people inevitably trust that their financial information is being protected, so must they feel about their health information in order to achieve the value of coordinated and collaborative care that is the cornerstone of patient-centered and accountable care.

Still worried about your personal information? I’d be more worried about handing over my credit card for the co-pay at my next doctor’s appointment.
