The balance between using health data and protecting employee privacy
As the use of data and advanced analytics increases, it’s critical to invest in strategies that aim to boost the security and privacy of employee health data.
It has grown increasingly common to hear stories of personal data being misappropriated. Yet, as consumers continue to expect more personalized experiences, many companies view data and advanced analytics as key to delivering on those expectations.
As a result, questions and concerns are likely to grow around how data is being used, who it’s being shared with and what level of visibility companies should provide to consumers. In fact, a recent survey found that nearly 75% of patients expressed concerns around the privacy of their personal health data.1 The same survey found that only 20% indicated they had visibility into which companies have access to their data.1
Looking within the health care space, recent headlines have highlighted some of the issues that can arise. For instance: when health data is shared or sold for marketing purposes and without patient consent, when health systems experience data breaches or when health care startups, apps or services aren’t designed to be compliant with the Health Insurance Portability and Accountability Act (HIPAA) — national standards that aim to protect an individual’s medical records and other individually identifiable health information. In 2022, data-related attacks on health care organizations averaged 1,463 per week — up 74% over 2021.2
The prevalence of these instances can also explain the growing concern from patients and the health care industry around how to keep data secure as the use of technology (including cloud-based electronic health records, mobile apps, virtual visits and wearable tracking devices) continues to expand.
“Attacks on personal information escalate every year. It puts a huge effort on the keepers of that data to maintain its security.”
Benefits of using health data
The amount of health care data collected annually is staggering. On a global basis, one source estimates that the health care sector generated more than 2.3 zettabytes in 2020.3 To put that into perspective, one zettabyte is the equivalent of a trillion gigabytes — which is still a challenge to conceptualize.
There’s an enormous amount of health data out there. When analyzed and applied appropriately, data can provide valuable insights into many areas of health care, including developing new treatments, helping employers make informed health care decisions and even increasing efficiencies and reducing waste or errors. For employers, access to that data and analysis can enable a deeper understanding of the health and well-being needs of their workforce — possibly informing the structure of their health plan to drive improved health outcomes and lower costs.
Ultimately, how UnitedHealthcare and Optum use data is a good example of how health care data can be used responsibly to advance health care.
Craig Kurtzweil, chief data and analytics officer for UnitedHealthcare Employer & Individual, explains, “We use data and insights from within UnitedHealthcare and Optum to better understand how employees qualify their ideal health care experience.”
For example, Kurtzweil shares that data revealed how the youngest generation in today’s workforce, Generation Z, doesn’t tend to see the value of having a primary care physician. That insight, along with others, led UnitedHealthcare down a path to reimagining the way primary care is delivered, which included enhancing its virtual health solutions and investing in new technologies to transform the way employees engage with the health system. UnitedHealthcare can then provide those insights to the employers it serves and help them educate Generation Z employees about the value of primary care.
“We have one of the largest data sets in the industry, which allows us to be more agile in spotting trends. But doing so in a way that doesn’t compromise a member’s data or privacy is paramount and matters to UnitedHealthcare.”
Concerns with using health data
Employees are actively concerned about how their health data is being accessed — and how it’s being used. In her role as associate director of health plan research at Advisory Board, Sally Kim regularly connects with employees about their health care experience.
“One of the concerns I hear most often from employees centers around the use of technology in health care,” Kim explains. “There seems to be an inherent distrust of relying on algorithms to access and sift through their clinical data, even when that analysis can help inform their providers’ decision making.”
This wariness is being addressed in different ways, with carriers and providers aiming to offer employees more insight into data use and giving them options to choose how and with whom they want their data shared. So, when it comes to deciding on which health plan and benefits to offer employees, employers should consider how a carrier prioritizes the security and privacy of their employees’ personal health data.
Steps UnitedHealthcare takes to ensure health care data privacy and security
Solving the biggest challenges in health care demands new ways of thinking. And that certainly applies to finding ways to manage health data responsibly to make health care more personal, supportive and affordable.
UnitedHealthcare focuses on bringing solutions to market that are helping make the health system work better for everyone and helping people live healthier lives. That includes pursuing deep industry knowledge and access to data while collaborating with others from across the industry to ensure that data is protected.
UnitedHealth Group, the parent company of UnitedHealthcare and Optum, manages cybersecurity and data protection through a continuously evolving framework. The framework supports training, daily assessment of risks the company may face and the establishment of policies and safeguards to protect enterprise systems and the information of those it serves.
UnitedHealthcare also continues to invest in new capabilities to help ensure rapid response and recovery from potential attacks, including system rebuild and recovery protocols so key systems are restored fully and quickly — a step beyond the current protocols of data center failover.4
“UnitedHealthcare takes protecting employer and employee data very seriously, serious to the point where we’re conservative about the number of groups we collaborate with across the industry. One reason for this is that we adhere to HIPAA guidelines, which means we not only vet who we work with but also anyone else who has access to their data,” Kurtzweil says.
With proactive measures in place such as strong encryption tools, multi-factor authentication systems, detailed breach response plans, regular audit processes, robust firewall protection and continuous monitoring for potential threats or suspicious activity, employers and employees can rest assured knowing UnitedHealthcare is committed to protecting sensitive employee data while providing useful insights from collected health care metrics.
“UnitedHealthcare takes protecting employer and employee data very seriously.”
