Risks Associated With Exchanging Data With Outside

¶ … risks associated with exchanging data with outside partners. The most significant risk is probably with respect to data security. A survey of people within the health care industry noted that within the industry there are a number of concerns expressed relating to security. These include the risks of exchanging data between health care providers and government (fear of government), storage in insecure databases (fear of technology), and patient registration on insecure websites (again, fear of technology). The problem is that the people expressing these fears are not IT professionals and do not actually understand the risks that they are afraid of. They fear that there is growing interest among thieves trying to steal personal health records. The market for social security numbers, Medicare or Medicaid numbers or other health numbers is driving these fears (Diana, 2014).

Basically, a major issue here is that health care providers do not trust their partners in data exchange, and they do not trust technology. The latter is understandable to some extent, given the large amounts of press that security breaches receive and the fact that few people are knowledgeable enough in IT to actually understand modern data security and threats. Indeed, when a survey shows that "public cloud services, mobile device insecurity and cyberattackers" are considered to be unique threats, it shows a high level of ignorance within the industry -- only the latter is a threat; the other two are mechanisms for data transfer and it is cyberattackers who exploit weaknesses in the mechanisms. This is like being afraid of theft and listing your three biggest fears as cars, houses and thieves.

Trust in business partners is a more interesting concept, because this really shows that a lot of risk is perception. In most industries, companies that work together trust each other, and for some reason there is just a high level of fear and mistrust in the health care industry. But when appropriate steps are taken to protect data, the transfer process can be very secure. Partners probably do not have any reason to steal patient data, and the government even less reason.

An example of information exchange is something like ICD-10, which is an international effort to document disease, therefore requiring a high level of coordinated data exchange. The benefits are obvious -- better understanding of disease and disease patterns will lead to superior health outcomes. The data exchange part has some people worried, but they need to get on board. There has been an incredible amount of delays in implementing this, but companies need to believe in the project, get the software installed, train their people and secure their data.

4.

The best approach to getting health care vendors to exchange data is to work with them to highlight the functionality, the benefits (cost benefit analysis) and also to assuage their security concerns. This means training, and lots of it. The key decision makers are going to be swayed by a lot of different types of arguments, but they all come down to money. Personal marketing, one-on-one, is the only way to reach this audience. In that sense, it is necessary then to make a comprehensive pitch that will answer their questions and concerns.

The first issue is the benefits. Always focus on the benefit first. The features are important but so are the positive outcomes that the organization will get from sharing data -- cost savings, better service, better health outcomes. These benefits can typically be quantified, since the vendor has prior experience with its other customers. By highlighting the cost and operational benefits, the vendor can illustrate to the customers why they want data exchange. Without creating that desire, there will be no business, so it is critical that this desire be created.

The second way to approach the marketing is to allay concerns. This is important because for all of the benefits there are going to be costs as well. First there are financial costs, and the discussion of benefits will highlight that they are far greater than the financial costs. But there are things like security and training concerns as well. The company is therefore going to have to offer a training program to ensure that the customers feel comfortable that implementing the software is going to be a smooth process, because they might be anticipating some unforeseen costs here.

Then there are the security concerns. This is going to require some education. The risks that are most likely to be expressed are legitimate, but vastly overblown. Health care providers need to understand how security works with respect to data exchange, and that the vendor has a clear sense of how it is addressing these issues. The vendor should also present specific data, especially data that contradicts some of the media hype and irrational fear surrounding this issue.