Earlier this year Cisco made public its 2021 Data Privacy Benchmark study, “Forged by the Pandemic: The Age of Privacy.” In this study, Cisco surveyed over 4,400 respondents located around the world who are deeply knowledgeable about the privacy and security demands of their companies.
The heart of the report centers on how the respondents’ privacy stakeholders maneuvered the pandemic. The report also highlights the importance of committing to privacy long after the pandemic is over.
It’s clear that for the majority of organizations, privacy has become a core component to improve how we work and interact with one another, improve trust with consumers or patients, boost operational efficiency, and achieve innumerable benefits to the enterprise.
The age of data privacy has arrived. Here’s what you need to know to succeed in this important new era.
Navigating the Transition to Remote Work
According to Cisco’s study, prior to the pandemic, about 40% of employees worked remotely. This figure skyrocketed to 67% during the pandemic, with 91% of organizations citing that at least 25% of their employees worked remotely.
We are particularly interested in how the healthcare industry addressed this shift in work. For one, healthcare organizations maintain supremely sensitive data on their networks, which are often outdated. This privileged data, ranging from patient records, social security numbers, and medical diagnoses have been made especially vulnerable during the pandemic.
Organizations encountered numerous privacy concerns, such as when to share personal information and by what means, how to implement privacy and security controls to protect data, as well as how to limit access to personal data. Additionally, pressures pertaining to personal health information to support national health initiatives also took the limelight, highlighting concerns surrounding HIPAA compliance.
As only 41% of organizations were self-described as being “fully prepared” for this changeover in terms of a security and privacy perspective, the pandemic placed an unprecedented burden on security professionals across the enterprise.
Privacy Maturity More Strongly Associated with Business Value
In Cisco’s report, respondents assessed their current privacy “maturity” level. This level is a composite of seven elements in the Center for Information Policy Leadership’s “Accountability Wheel.”
CIPL’s accountability wheel scores organizations from 1.0 (the least mature) to 5.0 (the most mature). On average, organizations are scoring higher this year compared to last year, at 3.68 from 3.65, with 35% of organizations scoring above 4.0.
One of the more remarkable findings in this report is that of the organizations scoring higher on the accountability wheel. Those organizations that champion more mature privacy practices see greater business benefits derived from their privacy practices, compared to organizations that are less mature. The six areas of benefits in Cisco’s report are as follows:
- Reducing Sales Delays
- Mitigating Losses from Breaches
- Enabling Innovation
- Achieving Operational Efficiency
- Building Loyalty and Trust
- Making Company more Attractive
Of the organizations measured, 85% to 91% of mature organizations achieved these six benefits, compared with 68% to 74% of medium-maturity organizations, and only 45% to 55% of those with low maturity. This indicates that investment in privacy and security delivers exceptional value to the organization.
The Pandemic Accelerated Privacy Needs, Especially in Healthcare
With new government mandates as a response to COVID-19 and a general increase in awareness among citizens about public health, the healthcare industry is looking at more comprehensive and efficient ways to collect, store, and manage sensitive consumer data.
How healthcare organizations protect data is of particular importance, not only because of COVID-19 but the advancement of technologies.
For instance, HIPAA protects the privacy and disclosure of patient health data however it was enacted by Congress back in 1996, long before apps and smart technologies became commonplace. According to the Wall Street Journal, modern technology, such as bodily monitoring technologies that are developed outside the healthcare system may not be subject to HIPAA protections.
Personal healthcare data utilized by the tech industry is nothing new. In fact, Google’s long-running programs including nefarious “Project Nightingale” have collated millions of personally identifiable health records from various hospital systems without the explicit consent of patients.
Another data privacy concern within the healthcare industry that predates COVID-19 is the outdated and insecure infrastructure healthcare organizations rely on. Hackers have taken notice of the tantalizing personal data that may be used as ransom or fetch large sums on the dark web and have honed new ways to take advantage of network vulnerabilities.
It’s of the utmost importance for all organizations, especially healthcare organizations, to safeguard data and ensure privacy compliance. This is one of the most sure-fire ways to maintain loyalty and trust as a business and a brand.
Security Professionals Rise to the Challenge
Security teams and privacy principles have risen to the challenge of guiding organizations to stay compliant with regulations while negotiating a fine line between individual rights and public safety.
According to the Cisco Privacy Report, data privacy management has become one of the highest priority tasks among security professionals, with 34% of survey respondents “indicating privacy is one of their core competencies and responsibilities.”
Fortunately, the healthcare industry is beginning to address data and security concerns in light of new mandates related to information blocking, consent management, and data sharing. When it comes to data privacy issues, a healthcare data platform that emphasizes interoperability is immensely valuable.
The SkyPoint Data Vault is one of many empowering features within SkyPoint’s healthcare data platform. The data vault allows your organization to both protect and leverage patient data as teams are able to securely collect and update PII in a zero-trust vault.
Having a single patient database makes it easier to safeguard information while making data more accessible across the healthcare continuum so patients get the quality care and experience they deserve.
When Personal Data is Protected, Everyone Wins
If the pandemic has taught us anything, it’s that privacy laws and requirements worldwide may change in a heartbeat. Those organizations that have long prioritized privacy are better positioned to negotiate new privacy regulations as they arise.
When asked how the respondents felt their ability to handle privacy changes was, 70% of the high-maturity organizations said handling privacy changes did not cause any undue stress, compared to 42% of the medium-maturity organizations, and only 24% of those that are low maturity.
The pandemic has highlighted the need to balance understanding COVID-19 with surveillance health programs to protect public health without sacrificing personal data protection. However, within the healthcare industry, which most often continues to run on outdated networks, the pandemic is a stark reminder that strengthening HIPAA compliance, data privacy protection, and searching for data privacy solutions has never been more critical.