In this edition of NIHR, DXC Technology, the world’s leading independent end-to-end IT services company who deliver services in partnership with HSCNI, share advice as to how you can inspire and accelerate your organisation’s digital transformation journey.
What’s Happening to my Data?
George Mathew, MD, Chief Medical Officer for the North American Healthcare organisation for DXC Technology, weighs in on the significance of securing patient trust and loyalty through your digital strides.
The relationship between the healthcare provider and patient has been upended. Digitisation and an increasingly engaged patient have created new expectations, and traditional providers have been caught short.
While healthcare providers have been focused on outcomes, patients are demanding convenience. According to a 2019 Healthcare Consumer Trends Report, 80 per cent of patients said that they would switch providers for convenience alone.
Patient-driven care requires a new way of thinking. On one hand, providers need to respond to the likes of Google and Amazon, the in-store clinics, and the chatbot health providers by delivering care where patients are – in their neighborhoods, at home, and at other easy-to-access facilities.
But on the other hand, an equally pressing need exists: providers must respond to the trust factor. The rapid rise of the tech giants in the healthcare space has raised alarm about data privacy and how patients’ data is being used. The Cambridge Analytica scandal woke the public up to just how vulnerable their data can be in the wrong hands.
The purpose of healthcare data should be to help patients get better. The use of a patient’s data for profit destroys that objective. But there is an opportunity to ‘wow’ patients by leveraging data in a way that benefits them in an ethical way.
To meet the expectations of the new, empowered patient, traditional providers need to reinvent their model of care. It starts by demonstrating transparency in everything they do and by working collaboratively with patients to deliver health benefits. If patients know and trust what their healthcare provider is doing with their data, and if they know that data won’t be used in a way that could potentially harm them in the future, they are more likely to be loyal and to work collaboratively with that provider.
One model that providers could consider adopting is becoming a data steward. At the start of the relationship, you explain to the patients how you will use their data – for example, you may broker care for them with other healthcare providers but only with de-identified data. And you guarantee you won’t sell their data to a third-party. Such a model works only if the provider is completely transparent. You list everything in a way that patients can understand, so that they know exactly what will happen to their data. And then you reward those patients by providing discounted health services, similar to how retail co-operative models offer discounts to their members.
This can support the creation of more scalable care models, such as peer-to-peer counselling where, for example, a patient with well-controlled diabetes might be certified to monitor a pool of patients. As those patients start to realise improvements – improved diets, adjusted medications, better management of their glucose levels – you incentivise the lead patient. This might be in the form of cryptocurrencies or credits for a discount on their medication.
Patients may value convenience, but they also value trust, transparency and responsiveness to their care. A report from Press Ganey found that having well-co-ordinated care and good teamwork among caregivers is a priority for building loyalty.
To win back the empowered patient, the patient-driven care model must be reinvented. It must bring convenience – such as more telehealth services, easier access to appointments, and care centres near the location where the patient lives and works. But it must also be about winning the trust of patients who have rightly become suspicious of how their data may be misused by non-traditional players. Transparency and collaboration through well-defined co-operative models will go a long way toward regaining that loyalty.
Mark Hughes, Senior Vice President and GM of Security at DXC Technology, highlights why you should – and how you can – forge a thorough cyber-resilient culture for your business.
No enterprise is completely immune to cyber security attacks. Instead of focusing solely on preventing attacks, organisations should ensure that they are able to respond quickly, recover and maintain operations. In other words, they should become cyber-resilient.
Cyber-resiliency requires establishing policies and processes that help an organisation to survive and continue to execute its long-term strategy in the face of evolving security threats.
Cyber-resiliency should be part of a holistic approach to security that takes all aspects of the business into consideration, from employees and partners to the board of directors.
Improving security is not a one-time project, but instead is a programme of continuous improvement.
To become cyber-resilient, enterprises must strike a balance between these three actions: protecting critical assets, detecting compromises, and responding to incidents. Making the IT landscape cyber-resilient requires investments in infrastructure, design and development of systems, applications and networks.
At the same time, organisations must create and foster a resilience-conscious culture, of which security is an essential part.
An enterprise cyber-resilience strategy includes three main components:
Adapt Business and IT Systems to Next-Generation Threats
Enterprises must prepare for global malware and ransomware attacks, as well as more subtle attacks, where the adversary lurks inside the network. Begin by defining your enterprise security architecture to address prioritised risks. Get a fresh baseline of your current security stance. For example, find out how your enterprise would recover from ransomware if multiple sites, the Active Directory, and back-up platforms were to become encrypted. Evaluate critical applications and their dependencies on infrastructure; then define a communications and command structure to ensure business continuity.
Update your Security Governance Strategy
Governance is essential to successful security planning and key to attaining cyber-resiliency. To ensure that your strategy measures up, incorporate strategies for protection, detection and response. Update and test business continuity and crisis management plans to cover new models of sourcing. Expand crisis management requirements to include all partners and suppliers. Make board members aware of cyber risks and the steps to effective cyber-resiliency. Review and refine older access and software-patching policies and consider adopting role-based access control to more efficiently regulate access to computer and network resources.
Create a Resilience-Conscious Culture
Encourage all employees – not just the cybersecurity team – to adopt a cyber-resilient mindset. Stress that employees are the first line of defence when it comes to threats such as phishing and malware. Promote collaboration across teams with pertinent information about security and threats. Coach employees to share knowledge with appropriate authorities and peers both within and outside of the enterprise.
Keep Looking Ahead
New threats are emerging as organisations adopt new technologies as part of ongoing digital transformation. Enterprises must be prepared and properly staffed to address these challenges:
• Internet of things (IoT) vulnerabilities. Consider system cyber and physical security requirements and resilience before widely deploying and depending on IoT systems. Use IoT gateways and edge devices to segregate and provide layers of protection between insecure devices and the internet to help manage the overall lack of IoT security
• Blockchain complexities. Blockchain technology, by its nature, is distributed and resilient. But blockchain moves transactions toward a decentralised model, making it essential to control private cryptography keys. When embedding security into blockchain transactions, use role-based authentication and end-to-end encryption to properly protect data
• Lack of Security Operations Centres (SOCs) resources. Examine the important role SOCs play in bringing together the resources needed to direct the defence. Define what constitutes suspicious activity, identify vulnerabilities, configure detection technologies, search for and validate active threats and ultimately notify affected parties. SOCs must manage and monitor identities, as well as ensure compliance with policies and regulatory requirements
• Transition to DevSecOps. Consider adopting a comprehensive DevSecOps model that incorporates review and governance and supports faster release schedules and innovation. Determine whether your organisation can commit to the requirements necessary for success, which include changing to a culture of collaboration, building security throughout the development life cycle and evaluating technical and business risks
Achieving cyber-resiliency should be a modular transformation that evolves from a well-defined strategy to a project roadmap. Make sure you define a strategic direction aligned with business objectives, outline a plan to achieve that direction, and ensure proper execution of that plan, including decision-making based on risk management.
For more information, visit www.dxc.technology.
DXC Technology value our 30-plus years delivering services in partnership with Health and Social Care Northern Ireland (HSCNI). We have deep local and global expertise, with unmatched domain knowledge, and a focus on next-generation healthcare technology, complemented by access to subject matter expertise across the industry. DXC is widely recognised as a world leader in the delivery of technology and emerging innovations in healthcare at national and global levels. Locally in Northern Ireland, we continue to focus on those challenges specifically being faced in today’s Northern Ireland healthcare.
For more information, visit www.dxc.technology/healthcare.