Health care is an industry seeing a good deal of change. With these changes, patient security needs to be top of mind with providers and doctors. Top-level, secured communications, including access to patient records, lab reports and similar information is becoming a differentiating factor for health care organizations in recruiting top physicians, a critical factor in addressing patient (customer) concerns, Larry Whiteside, Jr., director of IT security, risk and compliance for Spectrum Health Systems, told Loyalty 360 during the SC Congress Chicago conference and expo Thursday.
Health care professionals expect the health care system that they work for to have full Web-based capabilities, Whiteside said. “We see this as being a differentiator for us over other health care systems that don’t offer this capability.”
The patients themselves also like the idea of easy access to their records, though for them it’s not a deciding factor in deciding on a health care system, Whiteside admitted. “But it does provide them with a better customer experience.”
Patients don’t usually concern themselves about the security of the communications either. But if the security is compromised, the health care system will not only have to deal with patient complaints, but also HIPPA-related fines, and reputation risk. If current and potential patients learn of a health records security breach, they are likely to go to another provider, according to Whiteside.
The industry still has plenty of paper, and provides paper records in many instances (and always on request), but the industry trend is definitely toward electronic records, Whiteside said.
Whiteside added that this type of access is also expected by Generation X and Generation Y patients, who have grown up with digital technology and are much more comfortable with accessing information this way than keeping track of paper records.
“Our customers want to be able to have ease of use and multiple ways to access their records, including outcomes of visits, lab results, reports of hospital stays, information on upcoming visits (appointments), etc.” Whiteside said. Online access to health care providers is another important aspect of today’s patient-customer relationships, particularly with younger patients, who want mobile as well as Web access.
So Spectrum Health uses not only its own security resources, but also those of third party providers like Equifax to secure access to customer information. Those providers have access to personal information like monthly mortgage payments and other financial data that can be used as part of “adaptive authentication” to produce security questions to help authenticate patients and health care professionals attempting to authenticate health records.
Despite these and other security practices employed by Spectrum Health, the health care industry as a whole is about five years behind another security and compliance intensive industry, financial services, in terms of its security practices, according to Whiteside. “What we are trying to do is to get to that level of security.”