Payers look to improve efforts to protect data
Consumers trust their healthcare provider and payer organizations to protect their health information better than technology companies and government agencies, and may be unforgiving of providers and payers that fail this mission, according to a recent survey.
Consumers who feel betrayed by their provider can find another provider. But they also can find another insurance company if their current carrier has a damaging breach.
That’s the message that Reza Chapman, managing director of cybersecurity at Accenture, and John Schoew, a managing director at Accenture, and will bring to a session during the annual conference of America’s Health Insurance Plans, June 7 to 9 in Austin, Texas.
While it is more difficult to switch insurance plans than providers, an Accenture survey of 2,000 healthcare consumers finds a sizable number of breach victims are doing just that; 25 percent switched providers and 21 percent switched insurers.
These engaged consumers are looking at their claims and explanation of benefit statements and may be finding that they received physical therapy when they really did not. “All the crook needs to file a claim is the patient name, Social Security number, date of birth, address and ICD-10 treatment codes,” Chapman says.
Consequently, insurers need to step up their game, the presenters will tell payer executives during the session. In today’s threat environment, the value of provider and payer data to hackers looking to perpetuate insurance fraud and file false claims is equivalent. Those with stolen data will be looking to sell it or to work with others to set up false clinics and generate claims.
That means insurers need to engage ethical hackers to “pressure test” the organization’s defenses, finding vulnerabilities and helping to assess how well the organization can handle a serious attack, he says.
Inside the organization, executives need to make security everyone’s job as the insider threat remains the top cause of breaches. Most often, employees are doing something that unwittingly could cause a breach, but sometimes, they may be working with a hacker and could be the initiator of a breach so use of behavior authentication technology can help find the bad apples.
Chapman and Schoew also will explain how insurers can give tools to covered consumers to better protect them. These include login and account protection processes, two-factor authentication, ID-proofing using data to make a judgement on whether a log-in comes from a legitimate user, and one-time passwords. Overall, these protections can support consumers’ growing savviness of their own need to protect their information, Chapman says.
The session, “Are you one breach away from losing a healthcare consumer?” is scheduled at 4:45 p.m. on June 7.