Rapid changes in care delivery to respond to COVID-19 may accelerate the industry’s efforts to protect patients’ privacy. In fact, consumers and regulators are likely to demand it.
As in many other industries, digital technology, cloud-based computing, and AI are poised to transform the health care industry. The global pandemic has accelerated the adoption of many of these technologies. However, as in all business models that rely on aggregation and dissemination of data—in this case, confidential personal health information—the ability of the industry to protect patient privacy is paramount.
COVID-19 has sparked an accelerated movement toward virtual health, including telemedicine and remote patient monitoring. After getting a taste of how easy it is to engage with a physician remotely, many patients are developing an appreciation for how health care is changing.
Many health systems and telehealth technology providers are seeing rapid increases in patient demand for virtual visits, and many insurers, including Medicare, are increasing reimbursement for telehealth visits. By some estimates, COVID-19 likely has accelerated the movement toward a new health care delivery model by five to 10 years.
Telehealth is only one aspect of the future of health care, which is expected to be driven by radically interoperable data, enabled by technology, and centered on the consumer. These forces, along with digital transformation and open, secure platforms are likely to power an approach to health care that is focused on sustaining wellness rather than responding to illness.
Many consumers are already embracing devices that monitor their vital signs and activities, such as wearable trackers, mobile phones, and home appliances. The convergence of that data often presents indicators of potential health issues that can be monitored by health care providers, who can respond and act to potentially head off problems before they escalate to more serious conditions.
The privacy implications of this health care delivery model of the future are significant. Consumers have many questions about who is recording and monitoring their personal health information, who can access it, how it is used, and how it is protected.
Organizations with a stake in the movement toward a more digitally enabled health delivery system might commit themselves to addressing these privacy issues as an important foundational step. Confirming privacy could become not only a compliance requirement as a growing number of state and federal agencies seek to regulate it, but also a brand-enhancing competitive advantage that could position some organizations ahead of others in the marketplace.
Proactive Approach to Privacy
Future regulatory initiatives and business models are likely to pose significant challenges for health organizations and their affiliates. Regulations governing privacy, medical licensing and reimbursement, and other issues may need to be modified.
The need for a consumer-centric approach is likely to grow. Consumers may expect more control over their data, and they likely will demand more security, transparency, and granular privacy preferences with personalized experiences. They might also recognize that sharing personal health information can lead to better personal health outcomes.
At the same time, business requirements will likely increase. Based on new interoperability rules, organizations may need to collect and integrate more data across interoperable platforms. Proactive privacy involvement in the design process may lead to more engagement by consumers and the ability of providers to deliver improved care. Health care organizations may also identify ways to leverage the data subject to privacy regulations to potentially generate new revenue opportunities.
Enterprise privacy programs can position organizations to respond to these elevated demands. Organizations have an opportunity to develop privacy program strategies and governance practices that are driven by principles, enabled by technology, and scalable.
To proactively address the shift in health care delivery models, consumer expectations, and operational requirements, organizations might consider strengthening their enterprise privacy capabilities. This includes addressing elements such as privacy policies, procedures, notices, individual rights management, and more. By evaluating existing capabilities and relative program maturity and then developing a prioritized road map, organizations can move toward a thoughtfully planned privacy platform that supports their readiness for anticipated industry shifts, scalability, and the achievement of compliance goals.
A privacy-enabled technology implementation is a critical component of the privacy platform. It might focus on, for example, data discovery and inventory, identity and consent management, individual rights, cookie management, incident response, and breach management. Identity-driven data operations and strengthened data protection controls round out the platform and, among other benefits, likely enable greater business adoption and improved user experience.
A formalized change management process also may be important to consider. Effective change management strategies generally address program governance, operating model development, training for affected audiences, program communications, and talent strategy.
Early Adopters Advantage
Regulations such as the European Union’s General Data Protection Regulation and the California Consumer Privacy Act receive a great deal of attention for demanding more accountability for how organizations manage private information, but they represent just the tip of the iceberg. Initiatives are under way or under consideration in many U.S. states, at the federal level, and in other countries to require organizations to take measures to protect the personal information they collect, use, and store.
Beyond mandated compliance requirements, organizations may want to consider more proactive privacy measures because they could become a competitive advantage. They likely will be rewarded in the marketplace as early adopters offering significant protections.
What’s more, data-convening organizations that partner with health care providers may offer a boost to top-line revenue growth. These organizations are expected to aggregate and store a wealth of individual, population, institutional, and environmental data, driving a new economic model centered on collecting, aggregating, analyzing, and producing scientific insights. This model can not only improve health outcomes but also potentially create new revenue streams.
In the future of health, consumers likely will be empowered by data to proactively manage, participate in, and create personal care models in collaboration with their health care providers. They can protect themselves from reactive care and health emergencies and shift the focus to holistic management of their own wellness. Consolidated health records and more granular privacy preferences, including data portability and convenient use, likely will become major enablers of this model.
Privacy programs may need to enhance individual rights and preference management capabilities, such as control and ownership over medical records, to enable a positive user experience and build trust. In this new delivery model, organizations that provide such control and security likely will be the early winners in collaborating with others to gather and use personal data.
—by Simon Gisby, U.S. and Global leader for the Life Science and Healthcare practice at Deloitte Corporate Finance LLC and the Future of Health leader for the Deloitte U.S. Risk & Financial Advisory practice; and Eric Bowlin, partner, life sciences and health care privacy leader, Deloitte & Touche LLP