Frank Ingari, CEO of NaviNet, Inc., joined Bernard Golden, Vice President, Strategy, ActiveState;, George Reese, Dell; Yoram Mizrachi, Perfecto Mobile; and Scott Malinowski, Mobile Product Communications, SAP on "The Intersection of Privacy, Mobility and Cloud" panel, moderated by the incomparable Josh Greenbaum, Principal, Enterprise Applications Consulting, at the IEEE Society’s Rock Stars of Mobile Cloud event in Boston on May 6, 2014.
You can’t escape the topics of privacy and security. They are all-pervasive. But what is the true distinction between them? Ingari believes privacy is a right, and security is a method. He reminded us that “privacy” has meaning “on its own”—“after all, it is in the Constitution.” To which, Malinowski told Ingari to, “Get over it.”
Consumers share a huge amount of personal data without understanding how they are protected. Even the savviest executive has found a profile of him-/herself he/she hadn’t built online. Just the sheer volume of data—which grows exponentially daily—makes it almost impossible for policy to keep up.
There is an important behavioral aspect to security that has nothing to do with technology: We are responsible for controlling our own behavior. With the rise of “bring your own device” (BYOD) in healthcare delivery settings, vigilance is key. Think about another scenario: What is my actual control of that information because I see something interesting on Epic from where I’m standing when I’m visiting a PCP’s office? The networking aspect is third point. If you are vigilant relative to third parties and partners, you can significantly lower risk. There are start-ups today that are not used to dealing with security issues. Right now, they are fairly innocuous. Five years from now, that likely will not be the case. They are a potential threat to the ecosystem.
Healthcare is a species onto itself, with HIPAA as its regulating body. HIPAA is the social norm. The control lever isn’t technology. HIPAA has changed the way the healthcare continuum uses data, and technologies are racing to keep up. Conversely, think about the November 2013 Target data breach. What happened to Target is that U.S. banks haven’t gone to chip and PIN smart card systems. Europe has had them for 20 years. In terms of social norms, financial services pays lip service. Might HIPAA be a model for other industries? It’s definitely something to think about.