Dr. Eric Liederman, director of medical informatics for The Permanente Medical Group, says good communications with patients about cybersecurity protection is essential – even as risks to protected health information are on the rise, from external bad actors and insider threats.
Growing patient discomfort in sharing health information
Beyond health system disruptions such as ransomware that can compromise patient data, cybercriminals are increasingly going after individual patients. Some know they have a “target” on their backs and remain tight-lipped with their healthcare providers, said Liederman.
Before what he referred to as the major ramp up in attacks against healthcare that began in 2015, there was “an appreciable minority of patients who were uncomfortable providing all their information to their doctors,” he told attendees at the HIMSS Healthcare Cybersecurity Forum in Boston earlier this month.
According to one 2014 survey, 10% of patients distrusted health technology, Liederman said, but another recent survey found 87% of patients are unwilling to divulge all their medical information.
It’s not only “a sense of psychic harm” they seek to control in holding back health information, a sense of distrust that their health system can protect them has them seeking care elsewhere.
“How do we impress upon our patients and our workforce that we’re protecting them?”
Implementing mechanisms to ensure the safety of data – from the inside of organizations out – and communicating about cyber protection efforts has resulted in better outcomes, Liederman said.
Joint governance leads to better patient protection
Liederman credited joint governance for helping to facilitate a higher sense of trust among patients and the workforce.
With joint governance, there’s increased dialogue that says, “We’re all together on this – all the way to the top of the organization,” he said.
At Kaiser Permanente, members from all parts of the organization play