AUSTRALIA Building Digital Trust with Australian Healthcare Consumers

Transcription

1 AUSTRALIA Building Digital Trust with Australian Healthcare Consumers Accenture 2017 Consumer Survey on Healthcare Cybersecurity and Digital Trust

2 2 Consumers in Australia trust healthcare organisations to protect their digital data it is our responsibility not to breach that trust. DIGITAL HEALTHCARE DATA Personal health information that is stored electronically, such as in electronic health records maintained by a person s doctor or healthcare provider, wearable health devices, mobile apps or health insurance records. Most Australian consumers (89%) believe the security of their digital healthcare data is important, yet according to an Accenture survey, 16% have experienced a breach of their healthcare data. While many Australians trust their general practitioners, pharmacists, specialists, nurses and pathology labs to keep their digital healthcare data secure that trust is at times misplaced and once gone, is almost impossible to restore. In response, more than a quarter of consumers who experienced a breach switched to another healthcare provider. To better understand consumer attitudes toward healthcare data, ethics, digital trust, roles and responsibilities, data sharing and breaches, Accenture conducted a survey across seven countries. This report focuses on results from consumers in Australia and on cybersecurity and digital trust for health records. DIGITAL TRUST The confidence placed in an organisation to collect, store and use the digital information of others in a manner that benefits and protects those to whom the information relates. By examining digital trust and the impact of breaches, the Australian government and private healthcare organisations can become better prepared to proactively manage risks using the Prevention, Detection and Correction approach to health information security.

3 3 Australian healthcare consumers don t entirely understand healthcare data security Australia ranked lowest in terms of level of healthcare data security understanding, compared with the seven other countries surveyed. (Figure 1) In fact, only 8% said they know a lot about data security in healthcare. Only 42% of Australians understand digital healthcare data security. Although Australia is a predominantly tech-savvy country with high use of smartphones, digital payments, online shopping and other digital technologies, there is a general lack of digital healthcare data literacy. While these figures are disappointing, they provide a mandate for data custodians to provide a higher level of transparency and education to consumers on the security of their health records. FIGURE 1. Healthcare consumers in Australia have the lowest degree of understanding of digital security. 55 % 42 % 14 % 41 % 34 % 8 % 34 % 40 % 42+F 42 % digital healthcare data security 100+FUnderstand 11 % Global 18 % Australia Nothing at all Not very much A little A lot Source: Accenture 2017 Consumer Survey on Healthcare Cybersecurity and Digital Trust

4 4 Not surprisingly, given that 58% of Australians don t know much about healthcare data security, one in six Australian consumers has experienced a breach of their healthcare data. Of the 16% who experienced a data breach, 7% had it happen once, 5% had it happen The stolen data was used by thieves for a variety of purposes ranging from fraudulently (21%) (Figure 2). The consumers identities were used fraudulently in 93% of the breach instances. Australian consumers who voiced concerns about a breach most commonly worried that others would use their data fraudulently (69%). They also worried about the and discrimination (31%). On average, the data misuse cost the victims $219 each. FIGURE 2. Victims of medical identity theft report stolen IDs were used for fraudulent activities. 46 % 40 % 26 % 21 % 5 % prescriptions Fraudulently bill for care Fraudulently receive medical care Purchase items Access or modify health records Source: Accenture 2017 Consumer Survey on Healthcare Cybersecurity and Digital Trust

5 5 Breaches may not happen where Australian consumers expect them Among those Australian consumers who experienced a breach, most often, the breach occurred in a hospital (43%) the second most trusted entity to keep data secure. (Figure 3) 100+F HIGHEST PERCENTAGE OF BREACHES 43 % Hospital 43+F 100+F 10+F LOWEST PERCENTAGE OF BREACHES 10 % Laboratory, Tech/app company FIGURE 3. Digital healthcare data breaches are occurring across a variety of locations. Hospital 43 % Pharmacy 28 % Retail clinic 24 % Physician's office 18 % Government Urgent care clinic Employer Laboratory A tech/app company 14 % 13 % 11 % 10 % 10 % Source: Accenture 2017 Consumer Survey on Healthcare Cybersecurity and Digital Trust

6 6 In addition, 28% said the breach happened at a pharmacy and 14% indicated that the breach had occurred through government, which ranked second to last among the entities consumers trust to keep digital health data secure. (Figure 4) FIGURE 4. Healthcare consumers have varying degrees of trust in healthcare organisations. My physician(s) or other healthcare providers 3 % 14 % 52 % 32 % 83% Hospitals I visit 5 % 16 % 52 % 28 % 79% My pharmacy 4 % 18 % 37 % 23 % 77% Labs that process my medical tests 5 % 19 % 52 % 24 % 76% IT support for my physician s office or other medical site 5 % 29 % 52 % 14 % 66% Urgent care or walk-in retail clinics I visit 7 % 29 % 52 % 12 % 64% Government 12 % 25 % 47 % 16 % 63% Non-medical staff at my physician s or healthcare provider s office 8 % 31 % 50 % 12 % 62% Tech companies (i.e., for wearables/ health apps I use) 16 % 42 % 37 % 37 % 5 % 47% Not at all Not vey much Somewhat A great deal Source: Accenture 2017 Consumer Survey on Healthcare Cybersecurity and Digital Trust

7 7 Consumers take action after breaches, sometimes toward healthcare providers In response to the breach of their healthcare data, a third of Australian consumers changed their healthcare provider. While changing medical provider is the action most often taken, others (26%) changed passwords or other credentials, added security software to their personal computer (24%) and sought legal help (23%). (Figure 5) These figures provide a stark caution that we need to be more accountable to our service users or they may take legal action or potentially desert us for a competitor. FIGURE 5. Consumers react to a breach in ways that go beyond changing passwords. 78 % of consumers took steps in response to a breach CHANGED HEALTHCARE PROVIDERS 31 % 26 % 24 % 23 % 22 % 21 % 21 % 7 % 6 % Changed passwords or other credentials Added security software to my computer Got legal help None of these Subscribed to identity protection service Involved the police Other Reported it to the organisation holding my data Source: Accenture 2017 Consumer Survey on Healthcare Cybersecurity and Digital Trust

8 8 Building digital trust Five million Australians have an electronic health record - and that number will only increase. As more records go online, more Australians will also be at risk of a data breach. International experience has taught us that some breaches are virtually inevitable. However, government entities and private healthcare providers can do more to ensure that information is protected securely. Moreover, healthcare organisations in Australia should establish digital trust early on to build a foundation that helps consumers to weather the storm of a breach. Trust is built when people know how their information is secure and protected. It is time for healthcare providers, private health insurers and other organisations that handle health data, to strengthen cybersecurity capabilities, improve their defences, build resilience and better manage corrective actions following detection of breaches in keeping with the guidance from the Office of the Australian Information Commissioner. The global rise of consumerism has created the culture of 24/7 online, mobile access to personal information. Australia s success at protecting the privacy and security of digital health information will be determined by how well prepared we are to respond to the threats, and how firmly committed we are to establish digital trust with Australian consumers.

9 9 Key actions to focus on: IMPROVE RESPONSE CAPABILITIES In conjunction with improving detection, handle breaches quickly and efficiently, in a way that limits damage. VALIDATE DOWNTIME PROCEDURES Strive to reduce recovery time to minimize impact on patient care and business operations. SHARE THREAT INFORMATION Act on learnings and share them with others. Communicate to consumers the actions you have taken. RE-BOOT YOUR APPROACH Embrace an end-to-end cyberdefence that recognises a spectrum of threats, minimises exposure identifies and protects high-priority assets. Consider cybersecurity solutions from proven industry insiders, highly skilled specialists may be hard to find. MANAGE YOUR RISKS Make targeted cybersecurity investments that will deliver measurable returns and help you build digital trust with healthcare consumers, who are increasingly security-aware.

10 10 Accenture Cybersecurity Checklist Explore these key actions to fortify your health enterprise: INNOVATION & STRATEGY Prioritise a security strategy Create a security policy Carry out a risk review CISO STRATEGIC ROLE Strengthen the Chief Information Security Officer role RESPOND TO THREAT LANDSCAPE CHANGES Implement monitoring and alerting Carry out regular security awareness training CONTROLS AND GOVERNANCE Manage system access Manage applications Patch systems Establish a mobile device policy Segment and monitor the network Back up data regularly Implement an incident response plan SECURITY TECHNOLOGIES Encrypt sensitive data Implement adaptive perimeter controls Consider cloud providers

11 11

12 For more information Ian Manovel Follow us on Accenture Health Accenture 2017 Consumer Survey on Healthcare Cybersecurity and Digital Trust Accenture commissioned a sevencountry survey of 7,580 consumers ages 18+ to assess their attitudes toward healthcare data, digital trust, roles and responsibilities, data sharing and breaches. The online survey included consumers across seven countries: Australia (1,000), Brazil (1,000), England (1,000), Norway (800), Saudi Arabia (850), Singapore (930) and the United States (2,000). The survey was conducted by Nielsen on behalf of Accenture between November 2016 and January The analysis provided comparisons by country, sector, age and use. About Accenture Accenture is a leading global professional services company, providing a broad range of services and solutions in strategy, consulting, digital, technology and operations. Combining unmatched experience and specialised skills across more than 40 industries and all business functions underpinned by the world s largest delivery network Accenture works at the intersection of business and technology to help clients improve their performance and create sustainable value for their stakeholders. With 400,000 people serving clients in more than 120 countries, Accenture drives innovation to improve the way the world works and lives. Visit us at About Accenture Insight Driven Health Insight driven health is the foundation of more effective, efficient and affordable healthcare. That s why the world s leading healthcare providers and health plans choose Accenture for a wide range of insight driven health services that help them use knowledge in new ways from the back office to the doctor s office. Our committed professionals combine real-world experience, business and clinical insights and innovative technologies to deliver the power of insight driven health. For more information, visit: insightdrivenhealth. Copyright 2017 Accenture All rights reserved. Accenture, its logo, and High Performance Delivered are trademarks of Accenture.