Data Privacy Lawsuits Sweeping the Healthcare and Tech Sectors and What They Mean for the Industry
Data privacy lawsuits have rapidly increased in the healthcare and technology sectors in recent years, in part due to the increasing demand for access to sensitive medical data as well as the emergence of innovative products and services that rely on personal information. In response, companies have been forced to rethink their current strategies, realizing that if they wish to protect customer privacy as well as provide necessary services, they may have to adjust their policies and procedures handbook.
Casey Liakos, President & Co-Founder of Carex Consulting Group, is a talent acquisition leader and career matchmaker who has helped companies with staffing and recruiting industry talent. He believes that the recent flurry of lawsuits shares a couple of similar themes that companies can learn from.
Casey’s Thoughts:
“Hi, I’m Casey the President at Carex Consulting Group. We are a consulting firm and career matchmaker based in Madison, Wisconsin. There’s been another flurry lately of data privacy lawsuits both inside and outside of healthcare over the past year. And these lawsuits have a couple of themes.
Number one, an increasingly complex environment of online tracking by organizations, websites, and apps by third-party trackers that just have too much access to users’ data and not enough oversight.
And number two, garden variety HIPAA violations where a HIPAA-covered entity or business associates of that entity knowingly or unknowingly access or share patient data.
Increasingly, companies need to fully understand what patient or user data is being collected by the site, the website, or any third parties and really scrutinize that. They need to inform their users of those data collection policies and practices through their privacy policy and education.
Data tracking online has come to be accepted as a necessary evil and an expected practice in the modern era; however, heavily regulated industries like healthcare need to stand to a much higher standard of protection of that user data. In healthcare specifically, the best protection really starts with the HIPAA rules that are put forward by the federal government. Close examination and adherence to those rules that are laid out will get you 90% of the way to where you need to be and to full protection.
People recognize HIPAA as a simple rule of thumb, not to disclose patient data or any personal health information, but the rules really go far beyond that. The rules are very prescriptive in how data should be handled, and that stands for the background systems that drive healthcare, all the vendors that you work with as a healthcare organization, how they handle the data, and how the equipment that houses and transmits that data needs to be protected.
And those protections, as I said, they pass through, they have to pass through to the vendors and contractors that healthcare, insurers, and their partners use. The systems and policies in place in those organizations are as important as the systems in the healthcare provider’s organization. So what can be done?
The challenge is very complex and unfortunately, it doesn’t seem that there’s really an easy fix beyond a healthy investment in cybersecurity tools, talent, your staff, and qualified advisors. These issues require such close monitoring that you need to make sure you’re putting enough resources behind the problem. The alternative is to face a lawsuit or some other inevitability that is probably much, much worse. And even worse than that, a loss of trust from your stakeholders, your users, your patients, et cetera.
So again, there’s no shortcut. HIPAA compliance is an ongoing process. It’s not a one-time fix and it requires a healthy investment in your systems, in your staff and the talent that you have in your organization, and in the advisors that guide you along the way. This will protect not only your patients but all the companies that have access to their data, including you.”