With so many data breaches over the last decade, it’s no wonder that many hesitate to share their personal health information online. WebMD Health Services is proud to show how seriously we take healthcare data privacy by once again achieving the gold standard in health data security: the HITRUST CSF Certification.* I sat down with the marketing team to share my thoughts on why this certification is so important.
Before we get into the details on the HITRUST recertification, we wanted to ask: Why is healthcare data such a target for cybercriminals and, therefore, so critical to protect?
With healthcare data, cybercriminals can commit both identity theft and medical fraud. They can purchase prescription drugs or even craft personalized phishing messages to launch more involved attacks. That said, personal health data sells for much more on the black market than stolen credit card data. That’s because, while credit card data is easier to turn into money quickly, that opportunity also dries up quickly. Banks can cancel credit cards at the first sign of fraud, but personal health information can’t be canceled—it consists of permanent facts that cybercriminals can exploit longer and in more ways.
Why is it important for users to feel confident in WebMD Health Services’ data security?
It’s all about trust. Our ability to help people live healthier lives relies on data they share with us so we can tailor solutions to their needs. If users don’t trust us with their data, we can’t help them achieve their health goals through Health Coaching and other personalized services. But with so many data breaches in the healthcare and financial services industries over the years, people are understandably skeptical. They won’t just take our word for it that we have the highest security protocols—we need to prove it.
So, how does achieving HITRUST CSF Certified status help users feel more comfortable?
First, it’s a third-party organization, so right there, we know that it’s objectively looking at our security protocols to make sure we’ve met key regulations, are following industry standards, and are appropriately managing risk. Second, the certification process is incredibly rigorous—it takes about a year to become certified, and we had to address over 500 separate requirements to receive HITRUST CSF Certified status. It’s a high bar, and one that many of our competitors have not achieved.
We’re curious—how has the pandemic affected the need for data security?
To me, at the basic level, it doesn’t change the need for security. That will always be there. But it does shift the threat surface and increases risk in some areas, which can lead to further distrust from consumers. At the end of the day, people need to know that they can count on platforms to keep their data protected.
Maintaining our HITRUST CSF Certification gives health plans, employers, and their populations the confidence that they can safely share personal information with WebMD Health Services. Data security has always been important, but has become perhaps even more so as we continue to conduct more and more of our lives online—including ways to enhance our health and well-being.
*The HITRUST CSF Certification covers data shared via the Personal Health Manager, Site Manager, Active Coaching, and backend systems supporting the Wellness at Your Side application hosted at colocation facilities in Portland, OR and Manassas, VA.