Lee Barrett: Increased Data Exchange in Value-Based Models Poses Cybersecurity Risks

The shift to value-based payment models necessitates greater exchange of data and analytics, including the use of personal health information (PHI), said Lee Barrett, executive director of the Electronic Healthcare Network Accreditation Commission. This heightened amount of data being transferred makes it essential for organizations to have procedures in place that mitigate the risk of data breaches or attacks.

Transcript (slightly modified)

How does the move to value-based payment and the move toward the Merit-based Incentive Payment System and alternative payment models increase cybersecurity risks?

With all of that, what it’s doing is it’s increasing the amount of data exchange, whether or not it’s going through various analytics, it’s more patient-centered in relation to a lot of the access, opt-in, opt-out, for all these various organizations and options that patients have. But they’re also exchanging data with a lot of different stakeholders.

So, the amount of data, the analytics, the clinical data, the use of being able to exchange even email data with clinical information between entities needs to be in a secure environment. It needs to use, for example, the direct protocol for authenticating between the 2 entities and encrypting the message.

It’s the technology, it’s the amount of data, it’s the amount of additional PHI that’s actually going through all these various data exchange points, so it’s increasing the number of exchange points. It’s increasing the amount of data. All the registries, et cetera, that are all part of this, all have to have the type of policies, procedures, controls in place, and the risk assessments that are necessary to identify any gaps or vulnerabilities and threats that they need to mitigate.