The Data Scientist - the WPC Healthcare Blog

First Things First, Data Maturity and the Anthem Security Disaster?


The Anthem data breach affects 80 million healthcare consumers. So how are we going to help payers and healthcare providers do a better job protecting patient data? At WPC Healthcare we believe that the underlying problem and solutions centers on data management (or a lack thereof).

Is it really that simple? In many ways, yes.

As healthcare organizations chase after Big Data and the insights related to that data, they also become more vulnerable. These insights can only be gleaned from the integration and aggregation of diverse data sources and is driving many healthcare companies to consolidate information into a single repository creating an exponentially greater security problem than we face today. Although an exciting opportunity this process and how it’s being approached makes us nervous.

Putting all your eggs in one basket creates a very attractive target for hackers, who are highly motivated by high-value patient information, to attempt to gain access. According to medical fraud experts interviewed in a recent Reuters article, medical information is worth 10 times more than your credit card number on the black market for fraudulent billing gains. Stolen health credentials can go for $10 each, about 10 or 20 times the value of a US credit card number, according to Don Jackson, director of threat intelligence at PhishLabs, a cybercrime protection company.

What we lack as an industry is maturity around data governance. Given the myriad of competing priorities including Meaningful Use, ICD-10, and the race toward evolving reimbursement models, healthcare organizations have underinvested in the basics including data governance. To date, data governance has largely been an afterthought—and unfortunately there is no silver bullet. It’s the beginning of a journey to assess, manage, use, improve, monitor, maintain, and protect organizational information. It is that process that creates the best possible environment to draw real insights from a considerable asset in a secure environment, a true data governance framework.

A solid data strategy begins with an understanding of where data is located throughout an organization. Healthcare data resides in many disparate systems. Governance goes a step beyond that. Since our data scientists often express things as an equation, I’ll attempt to do the same:

Legal (what are we required to do)
Business Needs (what we want to achieve)
IT (our technical capabilities)

Policy (what we have agreed to do)
Enforcement (the tools in place to enforce policy that creates a notification about a problem)
Enablement (what’s possible based on an effective strategy)

True data maturity is achieved when all data sources are identified and managed in a consistent, secure fashion. Although not as sexy as data science, there is an ROI for data governance and data maturity, especially when viewed as a strategic requirement to propel an organization forward toward value-based care. Think of it this way, without a solid foundation an advanced data strategy is only as good as the data it uses to create insights. Unreliable data, unreliable results.

Certainly, Anthem jumped on the security breach quickly. Even Anthem’s CEO was affected spurring him to send a personal note to every member. There is no doubt that this helped to manage a serious crisis. But what they do from here is what matters.

[View the related Reuters article]