Jeanne Zucker, vice president, athenahealth, started the event by saying she always starts her comments from the back of the room which is where she started at the HBA in 2005. She never imagined in 2005 she would assume the role of the 2014 HBA president. Jeanne finds the HBA to be a remarkably supportive organization. She also remarked the HBA Chicago chapter is one of the star chapters, growing membership and offering remarkable programs.
Natalie Sandstedt, principal, B3 Healthcare, was recognized as the HBA Chicago chapter April volunteer of the month. Natalie is managing the lunch and learns program which has shown huge growth and is now providing 3-5 events per month. She noted the events have a remarkable turnout. Natalie started as a HBA Chicago chapter volunteer only nine months ago. Not only did she achieve her original goal of increasing her network but she meet individuals she can go to for advice and help her expand her knowledge. All in all, Natalie said volunteering has been a great experience.
The event’s moderator, Eileen Erdos, principal, life science fraud investigation at EY, introduced each panel member, and a discussion of the issues surrounding balancing the risks versus the benefits of big data in healthcare.
Ray Biondo - Chief information security officer, Blue Cross Blue Shield
Reza Chapman - Senior manager, healthcare information risk management, EY
Daniel Colin - Director of global security and privacy officer, Hospira
Stephanie Zaremba - Senior manager, government and regulatory affairs, athenahealth
Stephanie started by saying athenahealth is unique in that they have used big data for their entire existence. Athena uses big data for betterment, for example, by publically ranking insurance payers. Once the insurance companies got over the shock of seeing themselves publically ranked, all of them started to compete with each other resulting in an overall improvement in service.
Ray explained BCBS’s marketing people need access to big data to analyze and better understand new members, and how to market to new members. Their health and wellness organization mines the data which helps them offer targeted consulting services to members with specific health issues. For a long time, big data wasn’t recognized as the significant asset it is. Now, they build multiple layers of security around the data using sophisticated encryption.
Using the recent Target data breach as an example, Resa said companies need to focus less on compliance as a check the box exercise and do it right from the start. She acknowledged this can be very challenging especially when handling very sensitive private information mixed with public information. Resa relayed that in every environment they have audited they have found issues. She explained a health record costs $50-500 on black market as opposed to a credit record which costs only about $0.50.
Ray discussed the need to recognize data needs to be safe-guarded everywhere it is touched. If a machine that contains data is repaired, the user needs to know to what minimum data to provide with the repair request, and needs to make sure whoever is repairing the equipment knows to keep the data secure. Also, when data is moved from one location to another it needs to be secured, such as, when moving data from an insulin pump to a server/storage location. Also, manufacturers need to design a device with data privacy in mind, and change from an attitude of what is the minimum when designing a product to what is the best and most appropriate. Healthcare needs to move to fraud alerts, as in the financial industry, letting you know when someone is using your identity to, for example, to purchase drugs. He advocates healthcare needs to adopt metrics as in the financial section that measure their effectiveness at keeping private data secure. On the whole, Ray feels healthcare payers are more prepared when compared to providers.
The panel agreed the biggest threats come from hackers, hostile governments, criminal enterprises and insiders - especially privileged users such as those in IT, as well as non-malicious people that just make a mistake.
Ray (Wellpoint) explained they hire hackers to test any software they are considering buying from an outside vendor. They record the hacks to show how they break in and then they share with the potential vendor so they can implement the necessary patch. He considers this a ‘public service’. Ray also shared that he is part of the Health Information Trust Alliance, including the US secret service, which established the Common Security Framework, a certifiable framework that can be used by any and all organizations that create, access, store or exchange personal health and financial information.
The evening wrapped up with questions from the audience. One member asked whether anyone on the panel had seen changes in behavior from physicians as their awareness increases about the need to secure their patients data, and all said to date, they had not noticed a change. Another member asked what consumers can do to actively protect their personal data. Suggestions from the panel included shredding everything you throw away, minimizing your footprint, read explanation of benefits statements, awareness of what data you are sharing and adopt ‘container technology’ on personal devices.
Post event write-up by Kim Wilber, HBA Chicago chapter marketing committee volunteer