Big Data can lead to Big Headaches
August 1, 2014 | By Emily Avila
The promise of Big Data—the sharing of health information among physicians, hospitals and other providers in the continuum of care, access to millions of medical records to analyze outcomes and determine the best treatments—has yet to be realized. The implementation of the Affordable Care Act, and its requirement for providers to demonstrate “meaningful use” in order to secure Medicare payments, is certainly nudging progress along. Venture capital funding, however, is probably doing more than the ACA in the race toward health care data analytics—investments in startups in this space have jumped 100 percent year over year, according to one report.
Health care providers, as well as startups and established companies in health care, are wise to look at other sectors as they venture into the world of big data collection and sharing. The landscape is littered with fallen CEOs—and stock prices—in finance and retail due to widely publicized security breaches. A recent article in The New York Times discussed the relatively new, and thankless, job of chief information security officer. The general thesis of the article was that this person is typically hired as chum for the sharks when a data system is compromised.
The first reaction of many companies and organizations when they realize there has been a security issue is to bring in a phalanx of lawyers. Certainly, having legal counsel as part of the “rapid response” team is prudent. But if the second phone call is not to a crisis communications expert, then the company is most assuredly destined to struggle.
While it’s true that the best medicine is prevention—that is, preventing the crisis in the first place is the best approach—it’s not realistic to think any one company can fully avoid risk among the international circles of hackers, thoughtless or nefarious employees, or masterminds of corporate espionage.
The second best line of defense is a good offense. There is no easy way out of crisis, except through it—quickly, and with transparency. Having a well-planned crisis response plan, with internal and external communications procedures clearly outlined, should be central to any organization’s security protocol. A company that embraces openness and transparency, and is prepared to “come clean” quickly in a crisis, has two benefits over companies that don’t.
First, a company whose executives are trained and prepared to face the news media and public scrutiny may be more inclined to put in place the appropriate security protocols that would avoid the breach in the first place. Among the most notorious security breaches in the last decade, some companies’ lack of basic security measures was staggering. If the CEO and CIO thought for a minute that they would have to stand before an army of reporters and explain their negligence, would they have been more careful?
Second, the companies that seem to have suffered the most—a fired CEO, a significant drop in sales and stock price, a dog-and-pony show before Congressional hearings—were the ones who simply handled it badly. A leaked story from a disgruntled or self-righteous employee (hello, Mr. Snowden), executive foot-dragging, legal strategies based on “silence at any cost”—these are all ingredients for a stew of bad publicity, legal action and impact on the bottom line.
So what is a health care company to do?
First, run your security operation as though you’d have to explain and defend it on CNN tomorrow.
Second, identify and appoint a rapid response team that includes a crisis communications expert. Develop a communications plan, down to the logistical details (Where will the media be placed? Who is the spokesperson? Has that person been media trained? How will we communicate internally?). Train all your executives and managers on the crisis response and communications plan.
Finally, commit to a rapid and transparent response. Remember: the best way across thin ice is to skate faster.