When Premera Blue Cross announced this week that ithad uncovered evidence of a data cyber attack that may havecompromised the health records of 11 million people, the newsdelivered a gut punch to the health insurance industry as awhole.

|

Premera was just the latest health insurer subjected to amajordata breach. As more information is stored online,more personal information is at risk to such threats. But even asthe at-risk data base grows, efforts to provide better security arealso evolving.

|

A white paper from Intel Security (McAfee) and the AtlanticCouncil takes a look at the risk-reward balancing act that’splaying out as the nation attempts to reap the benefits of a richdata network against the welfare of millions of individuals whocount on that data to be kept private.

|

A practical point raised by the paper is whether, in the rush todevelop new and better medical devices, the matter of data security has been relegated to a lowerpriority that it perhaps should be.

|

“The current focus in medical device development and productionis on manufacturers’ preferences and patients’ needs. Industry andgovernment should also focus on implementing an overarching set ofsecurity standards or best practices for networked devices toaddress underlying risks,” the paper says. ”Should any high-profilefailures take place, societies could easily turn their backs onnetworked medical devices, delaying their deployment for years ordecades.”

|

The authors argue that the current emphasis on regulatingmedical practices and devices to try to increase security is awrong-headed approach.

|

“The report recommends continued improvements to private-privateand public-private collaboration. More coordination, not moreregulation, is warranted. Regulators do not always keep pace withtechnological progress. They should have feedback from a full setof stakeholders through transparent collaborative forums thatassure the regulator’s independent functioning without creatingconcerns of collusion with industry. Likewise, industry officialsshould continue to improve communication among themselves.”

|

In addition, the authors say, the general public — whose data ismost at risk — needs to have a way to have a strong voice instriking the balance between data sharing and data risk.

|

The industry must build security into devices from the outset,rather than as an afterthought. As McAfee’s then-CTO Stuart McCluretestified before the US House Committee on Homeland Security in2012, “Cybersecurity has to be baked into the equipment, systemsand networks at the very start of the design process.”

|

The full white paper goes into great detail on the threats tonetworked health care data and offers in-depth recommendations forenhancing data security. It is available here.

|

Complete your profile to continue reading and get FREE access to BenefitsPRO, part of your ALM digital membership.

  • Critical BenefitsPRO information including cutting edge post-reform success strategies, access to educational webcasts and videos, resources from industry leaders, and informative Newsletters.
  • Exclusive discounts on ALM, BenefitsPRO magazine and BenefitsPRO.com events
  • Access to other award-winning ALM websites including ThinkAdvisor.com and Law.com
NOT FOR REPRINT

© 2024 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.

Dan Cook

Dan Cook is a journalist and communications consultant based in Portland, OR. During his journalism career he has been a reporter and editor for a variety of media companies, including American Lawyer Media, BusinessWeek, Newhouse Newspapers, Knight-Ridder, Time Inc., and Reuters. He specializes in health care and insurance related coverage for BenefitsPRO.