Privacy is a precious commodity. It seems like a week doesn’t pass without a company announcing some kind of data breach that has exposed the personal information of thousands, even millions, of people. Even more worrisome, in some cases it may take months before an incident is revealed to the public.
Financial institutions, social media and Internet companies, even retailers offering credit cards have all been targets of some of the biggest data breaches. Healthcare providers are high on the list, too.
In fact, 62 percent of healthcare organizations have suffered a data breach in the past year, according to a recent Ponemon Institute survey of hospitals and payer organizations. The healthcare industry has been the second-most targeted industry for data breaches four consecutive years and yet only slightly more than half of organizations in the survey have implemented a program to respond to these incidents.
That’s perplexing, especially when respondents in the survey reported that it cost about $4 million to clean up after they had been compromised.
It’s no surprise that consumers are losing trust in anyone who handles their personal information. It’s gotten so bad that they don’t even feel comfortable sharing with their doctor. A staggering 89 percent of adults who visited a healthcare provider in 2016 said they were unwilling to share their full medical history with their providers, a Black Book survey found.
It goes without saying that this sort of news is deeply troubling. Not just because privacy protection and consumer trust are things we take incredibly seriously, but also because of the warning it sends to our entire industry. How can we truly serve the individual needs of each person if nine out of 10 of them are afraid to share their electronic medical records or other sensitive health information for fear they may be stolen, or shared without their knowledge?
To honor the trust that consumers and our clients have in WebMD Health Services, we have achieved the gold standard in health data security: HITRUST CSF Certification. The certification covers Personal Health Manager, Site Manager, Active Coaching, and Supporting Infrastructure, which includes personal health data across all WebMD Health Services’ core offerings, products and platforms.
This gives peace of mind to those who interact with WebMD Health Services.
For consumers who take our Health Assessment, talk to a WebMD Health Coach or use another of our products, this certification further underscores our commitment to protecting their privacy and honoring the trust they already have with the WebMD brand. For our health plan and employer clients, this demonstrates that WebMD Health Services’ data security infrastructure has met industry-defined requirements, is appropriately managing risk, meets federal and state regulations, standards and frameworks, and incorporates a risk-based approach.
Forgive us, for a moment, as we toot our own horn. This is an incredible achievement. Data privacy and security is one of our core values at WebMD, and we’re proud to join an elite group of companies that have met this benchmark certification in the healthcare industry. Suffice to say, it took a lot of hard work but it was something we were committed to achieving.
As part of the rigorous certification process, HITRUST visited WebMD Health Services locations in Indianapolis and Portland, Oregon, as well as each of our data centers on the east and west coasts. We were measured on 349 different requirements across 66 control categories.
Those data centers now have all new hardware as part of a complete infrastructure refresh. As we work to maintain the HITRUST CSF Certification standard and comply with future updates, this new foundation will serve our customers better and ease adoption of future requirements.
For more information about HITRUST CSF Certification, visit https://hitrustalliance.net.
