How increasing data security can boost trust in the digital era
New approaches can secure data to better protect patient information, reaffirming the importance of ensuring patient trust in care organizations.
As the healthcare industry grapples with an unprecedented wave of data breaches, many experts see the need to secure patient information to ensure ongoing patient safety.
In a recent roundtable, industry leaders shared insights on advancing data security practices, underscoring a critical shift — data security must now become a core element of patient care.
Using a framework reminiscent of medication administration safety — the “Five Rights” — professionals participating in the discussion explored the essential measures for safeguarding data exchanges in healthcare.
Data security: A matter of patient safety
The stakes have never been higher. “If last year’s United Healthcare breach taught us anything, it’s that 100 million compromised records should make us all uncomfortable,” noted Mitchell Josephson, CEO of Health Data Management. He emphasized that healthcare executives must understand that data security is no longer the exclusive domain of IT. The impact is personal, and everyone in healthcare leadership has a role in safeguarding patient data.
Data breaches affect more than just databases — they erode trust. Jared Jeffrey, CEO of healthKERI, drew a powerful comparison to the Five Rights of medication safety. He introduced the Five Rights of data exchange — the right data, the right source, the right role, the right purpose and the right route.
These principles provide a framework for ensuring secure data exchange across healthcare systems. “We need to treat data security with the same rigor as patient safety because, in essence, cybersecurity is patient safety,” Jeffrey explained.
Building a resilient architecture
Traditional security models often rely on trust-based networks, which can leave critical data vulnerable to breaches. To counter this, experts are advocating the use of a zero-trust model.
Ken Deans, CEO of Health Sciences South Carolina, shared his organization’s journey to implement a zero-trust approach, layering cryptographic verifications into every data transaction. “For us, it’s about verifying each piece of data at every step,” Deans stated. This approach, based on open-source protocols, offers an alternative to centralized certificate authorities and introduces decentralized, cryptographic solutions to build more resilient systems.
Zero trust, which revolves around not trusting any entity by default, ensures that only verified sources can access or alter data. This architecture enabled Health Sciences South Carolina to secure data without relying solely on external certificate authorities, which are often points of failure.
“The healthcare system relies too much on the assumption that data sources are trustworthy,” added Deans. “With zero trust, we’re moving from assumption to assurance.”
Addressing the human factor
One of the recurring themes in the discussion was the role of transparency in building patient and provider confidence.
“Direct secure messaging doesn’t happen without trust,” noted Kathryn Ayers Wickenhauser, chief strategy officer at DirectTrust. She explained that as more organizations adopt complex data systems, transparency about security practices is essential to maintaining trust.
DirectTrust, a nonprofit alliance, has established standards and accreditation services to ensure that healthcare entities adhere to rigorous security protocols, thus reinforcing trust in an increasingly digital healthcare landscape.
Transparent communication with patients is equally crucial. “Patients need to know that we’re taking their data security seriously,” emphasized Wickenhauser. Trust isn’t just a technical requirement but a social one; patients must feel confident that their personal information is handled responsibly. By integrating transparency into its security protocols, DirectTrust builds a bridge of confidence between healthcare providers and patients.
Proof-of-concept initiatives
No security model is complete without rigorous testing, and healthcare organizations are starting to invest in proof-of-concept trials to evaluate new security approaches.
During the roundtable discussion, Phil Feairheller, CTO of healthKERI, detailed the use of the KERI protocol — a decentralized public-private key infrastructure that ensures cryptographic security in every transaction.
Feairheller explained that their proof-of-concept trial included penetration testing and key rotation, with results that demonstrated the resilience of this architecture. “This isn’t just theory — we tested it with thousands of data transactions and came out with zero vulnerabilities,” he contended.
Feairheller highlighted that their model enables data exchange over any channel, supporting a wide range of healthcare data types, from HL7 messages to DICOM images. This flexibility is crucial in healthcare, where interoperability is often a barrier to secure data sharing. By integrating these open-source protocols, healthKERI aims to future-proof healthcare data exchange against both current and emerging threats.
Industrywide efforts needed
The roundtable underscored that cybersecurity isn’t just an IT issue but a vital component of modern healthcare that demands collective action.
The Five Rights of secure data exchange offer a framework for organizations to standardize security while adapting to evolving threats. “Healthcare data security is everyone’s responsibility,” said Josephson. “We can’t wait for the next breach to make changes.”
The healthcare industry is beginning to view data security as a shared commitment to patient safety. Segments across the industry increasingly understand that secure data exchange has become as critical to patient care as any clinical intervention.
This proactive stance is more than a safeguard; it’s a step toward building a healthcare system where patients, providers and administrators can trust that sensitive information is protected.