Rebekah Johnson, CIPP/US, is the Senior Compliance Manager for West Notifications, Inc.
When Edward Snowden shed light on the National Security Administration’s surveillance programs, Americans were left asking many questions. Questions ranging from “How can the government do this?” to “What information are they gathering?” became conversation topics for many Americans. In the healthcare world, these revelations have made both patients and healthcare providers concerned over how secure information is in the hands of third-party vendors. These vendors, which providers rely on for many things, are being scrutinized for their attention to detail, data storage and potential for breach.
The impact Snowden’s whistleblowing has had on healthcare providers and third-party vendors across America is far reaching. People are closely examining privacy policies now, whereas signing privacy forms at a doctor’s office used to be just an afterthought. It has forced businesses that rely on American third-party vendors to ask if their data is being protected, and at what level. The NSA surveillance program brought awareness to the word privacy and the actions and steps that are, or aren’t, taken by providers and their vendors to keep information protected.
Healthcare providers cannot afford to take security and privacy for granted and assume that their patients’ information is being adequately protected. Patients will hold their healthcare providers accountable if there is a breach. Therefore, to truly ensure data is protected, it is the job of providers to ask vendors the appropriate questions to ensure that the proper security and privacy policies are in place to lessen the risk of a security breach. And beyond asking tough questions, the emphasis on proper due diligence to vet accurate answers and understand processes has never been greater. There are two key focus areas: security and privacy. It is important to remember that you can have security without privacy, but you cannot have privacy without security. In a world where our information can and has been looked at by our government, making information both private and secure is vitally important. Finding a third-party vendor that ensures the information is private and secure has to be a top priority.