Developing and maintaining trust is paramount when using mobile technology to engage more frequently and effectively with healthcare consumers. This requires proper attention to the security and privacy portion of your mobile strategy.
During the summer of 2014, nearly 5 million patients had their personal data compromised in health system privacy breaches. And in the summer of 2015, more than 4.5 million patients may have been affected in a separate cyber attack. Because health records contain personal, financial and medical data, they are especially attractive to cyber-thieves, commanding up to $1,300 per record on the black market.
Health plans must keep pace with these threats to protect sensitive data belonging to members, and to minimize the financial risk of a breach. Doing so will engender member loyalty and satisfaction, while doing a poor job of protection is a massive threat to customer retention, branding and revenues.
An effective privacy and security strategy for health plans should include two major components:
- A strong privacy framework. Adopt a common privacy framework such as the ONC Privacy and Security Framework or the Markle Foundation’s Common Framework, both of which address critical aspects of privacy including collection, limitation, oversight and remedies.
- Additional mobile controls and security features. The native security features of Android, iOS and Windows mobile platforms might not be adequate for protecting personally identifiable health information on mobile devices. Insurers will also need to deploy in-app controls, encrypted data storage on and off devices, secure log-on and log-off procedures, and remote wipe technology for lost or stolen devices to ensure compliance with HIPAA.