Keeping Information Secure Remains Top Of Mind For Health Plans

Security incidents that involve customer or member data are completely debilitating for a health plan’s business. On average, a data breach costs health plans $6.45 million. In addition to insurmountable fines and reputational damage, depending on the type of information disclosed in a breach, many organizations need to pay for credit reporting for the customers the breach impacts. For smaller plans with fewer resources and smaller budgets, all of these things combined or alone can drive a company out of business.

As technologies and companies continue to expand into the cloud as well as technology modernization in data centers, there continues to be technological advances in ways to protect systems and prevent unauthorized access to systems.And as the ways to defend networks and systems improve, so do the methods that hackers use to try to infiltrate the infrastructure of those systems and gain access to data that can be used in devious ways.

Today, sophisticated cybercriminals are not only working to infiltrate the systems, but also the backup system as well, so it is crucial to not just protect data, but also protect those backups and means to recover if security incidents occur.

When it comes to disaster recovery, companies should look to their overall architecture and design to ensure they have high availability and redundancy in their systems; there must be backups and recovery means in place as well as disaster recovery plans. It is imperative to test those plans on a consistent basis as you must plan and prepare for the worst case.

Certifications like SOC2 Type2 and HITRUST prove that a health plan has achieved a high level of maturity that safeguards company and customer information. However, these certifications require significant time, executive commitment, and cost money and time. Onthe environment front, a health plan must ensure their systems and networks are secure and safe, and the policies and procedures in place are efficient and effective. Audits are time-consuming; it requires going through logs of information, validating that you’re following proper protocols and guardrails set up within each specific certification. It can take months of procedural validations to confirm you are aligned with controls of a certification.

Most leaders in healthcare are aware that it is vital to have security standards in place. But in my experience, it is the people or teams involved in day-to-day healthcare activity that must retain their focus on the importance of security. For payers of all sizes, but especially smaller organizations with limited resources and personnel, it is crucial that health plans have security training in place, so that all of the employees understand the importance of data privacy.  A solid security approach should also include Security newsletters and reminders to end users on safe guarding data and the correct security procedures.

Security around customer data is important to the business as well as the members. And without that in place, you’re putting your business at risk. Health plans are stewards of their members’ data and must do the right thing to maintain privacy and protection against that data.

Voice of the Market Survey
43% of IT leaders say keeping information secure is their top challenge

HealthEdge, in partnership with independent market research firm Survata, recently conducted a study of 245 CIOs and technology executives at health plans across the country. The survey found that regardless of their organization’s size, IT buyers often encounter strong headwinds in tackling these business imperatives. Download the executive summary to learn more.

About the Author

Glenn Mullen

Glenn Mullen, VP Delivery Operations, HealthEdge

Glenn joined HealthEdge in 2018, bringing over 20 years of experience developing and managing Technical Operation Centers and teams supporting hosted Healthcare customers. His diverse background includes leading infrastructure and application support level 1, 2, and 3 support teams, as well as ownership of the incident, problem, change, capacity, configuration, knowledge and service request functions, and support teams. Glenn has agnostic tools expertise across infrastructure, security, and operations, including owning technology vendor/partner relationships and tool selections based on requirements.  Glenn has developed and managed world-class SAAS teams delivering services in a multi-platform, fast-paced environment following defined processes and procedures to execute for customers with high levels of service. Glenn has worked with customer support leaders throughout his leadership career with a focus on successful delivery to customers while working to identify and fix areas of opportunity with a focus on continuous improvement. 

Subscribe to The 'Edge Report Blog