Healthcare Information Security

Cybersecurity News

Big data implications for health data security, privacy

By Kyle Murphy, PhD

- The healthcare industry is showing a growing interest in the potential of big data and healthcare analytics to improve patient outcomes and the business of providing high-quality at a manageable price. At the same time that big data is expected to offer serious benefits to healthcare organizations and providers, it also presents new problems for covered entities and health IT professionals charged with safeguarding the integrity and confidentiality of protected health information (PHI).

According to new research by the Institute for Health Technology Transformation (iHT2), these problems pose risks to no less than four categories of information:

• Personally identifiable information (PII)
• Clinical data
• Financial data
• Behavioral data

The authors of the iHT2 research, “Transforming Health Care Through Big Data,” identify the loss of PII as the greatest threat to patient privacy and most demanding of the attention of healthcare organizations and providers. A failure to do so could prove costly in a number of ways. “While external threats dominate top of mind discussions, information breaches are growing, presenting the potential for significant loss of customers, incurrence of high compensation claims, lawsuits and permanent damage to reputation,” states the report.

The adoption of electronic health record (EHR) systems has increased the amount of patient-specific information contained in databases and moving between systems and physicians. The relationship of this data to reimbursement via Medicare or Medicaid makes attractive to information theft. As the authors indicate, “Combined with a policy number, a hacker can use it to receive unauthorized medical care or bill for services never received. The leakage and/or corruption of such information can even result in irrevocable harm to one’s personal and professional life.”

While the financial industry is often held up as a example of how the healthcare industry should approaching safeguarding its valuable data, its progress toward securing its systems and data has the added effect of making healthcare financial data are more convenient target. What’s more, the reliance of healthcare organizations and providers on external resources to handle these data increases the risk that this information could be breached. “The outsourcing of billing activities and increased internet and mobile involvement in health care create more avenues for potential data theft; the resulting legal consequences and loss of patient trust can taint an organization’s brand for life,” the authors claim.

BYOD, medical device integration, and the rise of mobile health (mHealth) mean that more data are being created and accessed than ever before. These increasing points of access also represent additional points of opportunity for data breaches. Add to this the value of behavioral data, and you’ve got a recipe for disaster:

Behavioral data is increasingly becoming the ‘hot favorite’ for cyber thieves as it helps to draw up startlingly accurate representations of human behavior which are of great demand among marketing companies and also others with illicit intentions. With growing usage of tablets, smartphones and other mobile devices, this data is becoming more vulnerable to theft.

Managing health information systems and ensuring health data security and privacy in the era of big data and healthcare analytics will require covered entities and health IT professionals to think on a similarly large scale about the decisions they will make to keep information both flowing and protected from unauthorized users.


SIGN UP and gain free access to articles, white papers, webcasts and exclusive interviews on

HIPAA Compliance
Data Breaches

Our privacy policy

no, thanks