|The Health Record Review
by Jeff Rowe, Editor
Posted on Fri, Dec 07, 2012 - 11:16 am
We noted yesterday the release of the Ponemon Institute’s third annual "Study on Patient Privacy and Data Security,” which pointed to a significant jump in data breaches across the healthcare sector.
Here’s a follow-up interview with Rick Kam, president and co-founder of ID Experts, which sponsored the study, and the Institute’s chairman, Larry Ponemon.
After a brief discussion of the overall value of healthcare information –or, rather, the potential value of that information to cyber thieves – the interviewees make an interesting point about why privacy and security are so relentlessly vexing for healthcare executives.
Specifically, Rick Kam said, “What we realized is — and this goes back to the industrial revolution — we don’t have a methodology for valuing data in general: as in, data as an asset. We have to put in place a way to value protected health information so that the CEO and the executive team making decisions on resource allocations can look at the privacy officer or whoever’s doing the suggestions on initiatives and basically be able to have them answer the questions: ‘How much is this data worth to our organization? Is this worth a dollar or is it worth $5 billion dollars? And what’s the appropriate level to make in privacy initiatives to protect it?’”
This strikes us a fundamentally logical observation, but we’d suggest that stakeholders, in both the private and public sectors, who decide it’s time to take on the issue should consider it a likely double-edged sword.
After all, on the one hand it makes sense that ascribing a value to data is going to make healthcare organizations more mindful of protecting it. On the other hand, though, given that private enterprises are in the business of trying to make a profit off the value of their goods and services, whatever form they may take, it seems reasonable to suspect that efforts to profit off newly monetized data is going to arouse the concern of patient advocates who argue that patient data belongs first and foremost to patients.
In the long run, applying dollar signs to data bytes is probably a good idea, given the assumption that property of greater value will get protected better than property of less or no value. But if data valuation is the main road to improving that protection, there’s going to be a few speed bumps along the way.
Photo courtesy of o5com via Creative Commons