Safeguarding Patient Health Data Means Balancing Access and Security
No patient wants to receive a healthcare data breach message, and no physician or payer wants to send one. Yet, in 2023, the number of such breaches has more than doubled compared with 2022, and it’s predicted that the number will continue to increase in 2024.
The proliferation of digital health tools during the pandemic and the implementation of the 21st Century Cures Act give patients access to and ownership of their own health information for the first time. While this has many benefits, it also leaves healthcare data and technologies more vulnerable to security breaches, including data leaks and distributed denial-of-service (DDoS) attacks.
As a result, healthcare providers and payers must prioritize protecting patient health data and systems to prevent catastrophic disruptions such as ambulance diversions and data leaks.
Greater power, greater responsibility
The 21st Century Cures Act, also known as the information blocking rule, has pushed the healthcare industry toward patient-centric care and given patients ownership of and better access to their health data. This means patients can now access their medical history in a more timely and efficient manner, enabling better continuity of care. Patients no longer have to petition their provider for a copy of their chart and wait weeks for it; the law now requires that patients have real-time access to their medical history.
The use of application programming interfaces (APIs) to share data across the healthcare ecosystem is a key factor in this advancement. APIs are also driving the growth of the Internet of Medical Things (IoMT), which is revolutionizing care by providing patients with remote monitoring tools and virtual options, making improved care possible for nonurban populations and patients with mobility issues.
However, with this increased access to health data comes the responsibility to protect it. The healthcare industry is a key target for cyberattacks because of the high value of medical records on the black market. In fact, a recent report found that such records can sell for up to $1,000 on the dark web, compared with $5 for credit card information and $1 for a Social Security number. This emphasizes the critical need for heightened cybersecurity measures in the healthcare industry.
Implementing microsegmentation
To aid in this effort, Congress introduced the PATCH Act, which ensures that all new digital health tools meet strict cybersecurity guidelines. However, this legislation only applies to technologies introduced after the act went into effect in October 2023, meaning older and outdated systems are still vulnerable to breaches. As such, it’s vital for healthcare providers and insurers to invest in cybersecurity measures that can protect all aspects of their networks, both old and new.
One approach that is gaining popularity is microsegmentation. This involves dividing a network into smaller, isolated sections, which limits the extent of a potential breach or DDoS attack and protects the overall network. By implementing this strategy, healthcare providers can better defend their patients’ data and safeguard their systems from cyberthreats.
Providing more personalized treatment
Securing patient data isn’t just about preventing breaches, however. Just as patients’ data must be protected, it must also be more easily shareable. As technology enables this exchange, healthcare can move away from being episodic and instead become longitudinal and collaborative, giving providers a more complete view of their patients’ health information, which allows for more informed and personalized treatment plans.
What does this mean in real life? If a dermatologist wants to prescribe a medication, they can easily check that patient’s prescription history to make sure that the new drug won’t interfere with anything else the patient has been prescribed (by a primary care physician, for example), regardless of whether the doctors are in the same care network.
Enabling greater interoperability
To achieve true interoperability, healthcare providers and payers need a reliable and secure partner in powering and protecting their ecosystems. Akamai offers a breadth of solutions for healthcare providers and insurers to ensure the protection and seamless exchange of patient health data.
Collectively, patients and those who pay for or provide their care need to make sure that the future of personal health does indeed remain personal — by sharing healthcare data with only the right people, at the right time.
Akamai helps healthcare organizations keep patient data safe with microsegmentation for providers, payers, life sciences, and healthcare information technology companies.