Video

Lee Barrett: Increased Data Exchange in Value-Based Models Poses Cybersecurity Risks

The shift to value-based payment models necessitates greater exchange of data and analytics, including the use of personal health information (PHI), said Lee Barrett, executive director of the Electronic Healthcare Network Accreditation Commission. This heightened amount of data being transferred makes it essential for organizations to have procedures in place that mitigate the risk of data breaches or attacks.

The shift to value-based payment models necessitates greater exchange of data and analytics, including the use of personal health information (PHI), said Lee Barrett, executive director of the Electronic Healthcare Network Accreditation Commission. This heightened amount of data being transferred makes it essential for organizations to have procedures in place that mitigate the risk of data breaches or attacks.

Transcript (slightly modified)

How does the move to value-based payment and the move toward the Merit-based Incentive Payment System and alternative payment models increase cybersecurity risks?

With all of that, what it’s doing is it’s increasing the amount of data exchange, whether or not it’s going through various analytics, it’s more patient-centered in relation to a lot of the access, opt-in, opt-out, for all these various organizations and options that patients have. But they’re also exchanging data with a lot of different stakeholders.

So, the amount of data, the analytics, the clinical data, the use of being able to exchange even email data with clinical information between entities needs to be in a secure environment. It needs to use, for example, the direct protocol for authenticating between the 2 entities and encrypting the message.

It’s the technology, it’s the amount of data, it’s the amount of additional PHI that’s actually going through all these various data exchange points, so it’s increasing the number of exchange points. It’s increasing the amount of data. All the registries, et cetera, that are all part of this, all have to have the type of policies, procedures, controls in place, and the risk assessments that are necessary to identify any gaps or vulnerabilities and threats that they need to mitigate.

Related Videos
Drs Lillian L. Siu and Matthew G. Vander Heiden
Sam Peasah, PhD, MBA, RPh, director for the Center of High-Value Health Care at the University of Pittsburgh Medical Center (UPMC)
Kimberly Westrich, MA, chief strategy officer, NPC
Marla Black Morgan, MD, Phoebe Neurology Associates
Sam Peasah, PhD, MBA, RPh, director for the Center of High-Value Health Care at the University of Pittsburgh Medical Center (UPMC)
Bridgette Picou, LVN, ACLPN, The Well Project
Laura Bobolts, PharmD, BCOP, senior vice president of clinical strategy and growth at OncoHealth
Adam Colburn, JD, associate vice president for congressional affairs, AMCP
Richard Nowak, MD, MS, Yale School of Medicine
AMCP Recap 2025
Related Content
AJMC Managed Markets Network Logo
CH LogoCenter for Biosimilars Logo