What Can the Healthcare Industry Learn From the Facebook Data Breach
Facebook has reigned supreme all over our newsfeeds over the past few weeks. Details regarding its business model (assimilating user data and selling it to interested buyers) have trickled out, and its brazen mishandling of user information has resulted in global outrage. Considerable harm has been done to privacy norms, government elections, and perhaps even the public health sector.
Facebook has promised to tone down the creepiness – but can it retain its relevance, not to mention its phenomenal profits, by becoming less intrusive?
If yes, how would it go about discarding a quality inherent to its existence?
Facebook certainly isn’t the first tech major to have crossed the creepiness Rubicon – that dubious distinction goes to former Google CEO Eric Schmidt, who 8 years ago said that his company’s policy “is to get right up to the creepy line and not cross it.” As recently as 2013, Google stated in a court filing that users of its Gmail service did not have a “reasonable expectation” of privacy while sending and receiving emails.
Feeling uncomfortable already? Imagine the possibility of dodgy security when it comes to safeguarding your most private and sensitive data – that related to your personal health.
Healthcare data security in the Facebook era
Security in the virtual world has always been difficult, especially given the average user’s mindset – an individual who naturally assumes security to be an integral part of everyday software. Unfortunately, this isn’t always true: SaaS products can be guilty either of diminishing the user experience for an added layer of security, or of not prioritizing security well enough.
Healthcare data, seen vis-à-vis software security, is a soft target for exploitation: firstly, owing to its potential value on the data market, and secondly because the healthcare sector has a reputation for being slow to strengthen its security measures. With their priority centered on patient care – and rightly so – the onus of fortifying user data in the healthcare domain inevitably falls on the teams manning their software, i.e. their design and development wizards.
This is what designers and developers are up against
You’d be surprised to know the number of healthcare companies and hospitals that are oblivious to the volume of data they possess, or even where it resides. The scenario as it stands shows a full-fledged emphasis on building a patient-focused care system, while remaining lax about data integration and safety. To cite an example, even a basic task such as reviewing a single patient’s information can be a challenge, considering that this information may be fragmented and scattered across multiple systems under various departments – a notorious feature of legacy systems. With health-related software becoming increasingly personalized, there is the added risk of even more sensitive data being exposed. It has become imperative that hospitals and healthcare organizations work out a holistic data management strategy, enabling them to be better prepared against security breaches.
Role of UX Design in ensuring security
UX design is integral to maintaining a smooth-sailing user interaction with the product. In most cases, though, security fortification does not fall under the design team’s purview. That said, the emphasis should always be on striking a balance between sophisticated security and meaningful design.
Contrary to common belief, security and UX are indeed a match made in (enterprise) heaven. Consider this – users bypassing or disregarding security measures because of a poor experience defeats the purpose of having those measures at all.
Bad UX is responsible for exposing the product to security vulnerabilities; good UX lets you breathe easy.
1. Design Thinking should be incorporated right from the start
Security is almost always held responsible for layering (unwanted) complexity onto a product. However, giving designers a say right from the operations phase yields insight into user habits and behavioral patterns, which helps define areas of data accessibility and, going forward, data security as well. Security consultants would also do well to incorporate elements of Design Thinking by creating focus groups, defining user personas, and placing themselves in the perspective of the people who will use their product.
2. Users and security are never to meet
The best kind of security to have in place is the one that never manifests in front of users. It stays behind the scenes and is as unobtrusive as can be. Lengthy passwords and complicated codes can be off-putting to users, who then veer towards circumventing these cumbersome measures. Microinteractions play a crucial role in walking users through these steps smoothly. This involves explaining things like why passwords must be alphanumeric during the signup process, or why two-step authentication is required for added security. Here, the flow of information and the use of graphics come into play. Seamless microinteractions are what nudge users in the right direction, while ensuring security along the way.
3. Taking the right cues from HIPAA
HIPAA and the healthcare industry steadfastly aim to protect user data by simply not procuring it. Similarly, designers can set definitive boundaries by permitting users to enter only the inputs relevant to their own case. This way, less information collected translates to less that can be stolen.
Technology enables healthcare providers to engage patients in managing their needs. Ultimately, what’s crucial is that design and security meld cohesively, without one overriding the other. The exponential growth in the number of IoT devices only translates into a steady series of opportunities for designers and developers to deliver flawless products – flawless because the healthcare sector leaves little to no margin for anything sloppy – and to refine the entire sector, from preventive to palliative care.