The healthcare industry has embraced technology to handle its vast volume of medical records. Once digitized, data becomes interoperable across different healthcare institutions. Data sharing allows professionals and clinical staff to seamlessly access patients' public information to generate customized treatment plans, ultimately reducing time and cost. However, security concerns remain an ongoing issue.

Benefits of data sharing in healthcare

Data sharing holds multiple benefits for healthcare organizations. These benefits include saving hospitals time in gathering patients' data, streamlining operations, increasing data accuracy, and optimizing patients' experience.

A time-saving measure to collect data. Patients can receive their prescriptions from one hospital but purchase their drugs from a different pharmacy, which results in a lack of consolidated data between these institutions. Unifying health data therefore allows institutions to access a mutual data pool. Data sharing also spares doctors the effort of processing patient information manually.

Data accuracy. When patients' data is synchronized across different organizations, the possibility of duplicated results is eliminated. A study from MIT showed there were no reports of patient re-identification through publicly available data [1]. Besides, providers are less likely to see patient data as proprietary, encouraging them to refrain from sharing clinical data to prevent patients from seeking services outside their system.

Optimized customer experience. Retrieving patients' data could give healthcare professionals a comprehensive view of patients' medical conditions. By using the medical history data from the database, doctors can develop a better understanding and assessment when building a tailored treatment plan for patients.

Current data sharing challenges in the healthcare industry

Although the benefits of making data accessible to hospitals are undeniable, certain challenges arise, including patients' unwillingness to disclose personal information and potential data threats.

Patients' hesitation in sharing private information

A trusting connection between patients and healthcare providers relies on health professionals' respect for privacy through appropriate confidentiality practices. According to Health IT Analytics, 87% reported showing a lack of trust or feeling somewhat concerned about their data being shared. While 28% of patients trusted the institutions' efforts to secure their data, 35% still remained skeptical [2]. One reason for patients' apprehension is that some healthcare professionals sell patients' information without their prior knowledge or consent. According to a study by Accenture, 18% of healthcare workers are willing to sell private information to unauthorized parties for around $500 to $1,000 [3]. Consequently, customers' data can be severely exploited when it is sold to third-party organizations, as the following case of Pharmacy2U, the UK's largest NHS-approved online pharmacy, demonstrates.

In 2015, Pharmacy2U gave private information to the marketing company Alchemy Direct Media (UK) Ltd, which later sold the records to three other corporations for £130 per 1,000 records. One of the corporations was a lottery company that used the patients' data to deliberately target elderly and vulnerable people. As a result, some patients reported losing money because their details were passed on. This data security and healthcare ethics violation took a considerable toll on Pharmacy2U's reputation and was followed by a monetary penalty notice of £130,000 and negative press attention. It is therefore important to train healthcare staff to adhere to ethics and comply with data privacy regulations in order to gain patient trust.

Potential cyberattacks

Patients' data can prove invaluable for hospitals, but it is also a target for cybercriminals. Specifically, protected health information (PHI), one of the most sought-after commodities on the dark web, is estimated to be sold for $1,000 per record, while credit card numbers are only worth about $5 [4]. One of the most common attacks on healthcare organizations' data is ransomware, which reached a staggering $20 billion globally in 2021 [5]. Repercussions associated with ransomware include data loss, downtime, lost productivity, disruption of corporate operations during an attack, and heavy reputational damage. Medibank, one of Australia's largest private health insurers, was a recent victim of ransomware.

In October 2022, a group of affiliated Russian cybercriminals launched a ransomware attack on Medibank. After Medibank refused to pay the $10 million ransom, the hackers released 9.7 million customers' data on the dark web, including private medical documents such as pregnancy terminations, drug addictions, and alcoholism. The consequences of the data breach for the organization included a possible fine of $712 million. Coupled with the revenue loss from the fine, Medibank also had to provide $101 million for customer remediation efforts. What's worse, the company also experienced a major decline in customer trust, leading to a possible $450 million class-action lawsuit due to the breach of sensitive data [6].

The future of data security for the healthcare industry

Data sharing could be an ideal scenario for hospitals as a time-saving and cost-effective measure for doctors and patients. The healthcare industry is predicted to spend $125 billion on cybersecurity from 2020 to 2025 [7]. Along with major spending on reinforcing healthcare security, hospitals also need to implement a robust health IT infrastructure that facilitates the sophisticated use of electronic health data. Healthcare institutions also have to ensure that they select business associates that comply with HIPAA privacy regulations. According to a study by Kaspersky, 32% of healthcare employees reported they had never received cybersecurity training from their workplace [8]. Thus, training staff about data security is essential to mitigate cybersecurity risks since human error or negligence can lead to a potential data breach for healthcare institutions.

Another way for hospitals to protect healthcare data is to constantly update their systems' software. While upgrading software to newer versions can be expensive, it is proven effective. Updated software comes with bug fixes and enhanced features, ensuring medical records are stored in a secure and supported environment. Updating software is therefore valuable for preventing security breaches, and medical institutions can also benefit from it in the long run.

Author: Tuan Minh Tran