"If I was a payer right now, security and ransomware would be keeping me up at night," says one HIPAA legal expert.
Quantum computing derives its name from quantum physics, in which particles can operate in two states at the same time. Quantum computing's potential is to "tackle certain types of problems—especially those involving a daunting number of variables and potential outcomes, like simulations or optimization questions—much faster than any classical computer." The difference is the quantum bit or qubit, the equivalent of the transistor, which has itself advanced exponentially since its creation more than 60 years ago.
Just as the number of transistors per microchip increases processing power, so theoretically does the qubit, with the added phenomenon that multiple computing realities are present at once. The question is how payers and other healthcare stakeholders can apply such technology. The potential for quantum computing in healthcare includes what it can be used for and what it may protect organizations from.
Quantum computing's healthcare applications
A commonly cited quantum computing application in the for column is drug discovery speed and effectiveness for manufacturers and process optimization for payers and providers. CB Insights writes: "Optimization problems are notoriously difficult for classical computers to solve due to the overwhelming number of variables and possible combinations involved. Quantum computers, however, are well suited to this type of task as different options can be sifted through at the same time."
To a question of when, the future appears to be soon. For the first time, IBM will install its quantum computers at an off-site private business: Cleveland Clinic. Planned applications include gene, infectious disease, and public health studies. National payer Anthem is entering the space, having joined IBM's Q Network Hub to explore how quantum computing "may help in developing more accurate and personalized treatment options and improving the prediction of health conditions."
Additional quantum computing applications for payers and providers include:
- Improving diagnostic imaging quality, analysis, and processes
- Advancing precision medicine
- Optimizing pricing and perfecting risk analysis
All of these could be possible through quantum computing's ability to process multiple, interdependent data sources concurrently (e.g., clinical, social, economic, environmental). That same data, however, is where quantum computing poses a real threat that regulators and tech developers alike are seeking to solve.
Cybersecurity and emerging standards
To understand why, in part, we need to look at the algorithms that industry uses to collect, manage, and harness big data for business and consumer applications. IBM notes that "[q]uantum-enhanced machine learning algorithms are particularly relevant to the [healthcare] sector." But current algorithms also represent a threat, including to payers. CB Insights writes: "Cybersecurity could be upended by quantum computing. … Powerful quantum computers threaten to break cryptography techniques like RSA encryption that are commonly used today to keep sensitive data and electronic communications secure."
The potential threat has prompted the National Institute of Standards and Technology (NIST) to draft new guidelines. Congress established NIST at the turn of the 20th century to help build the national infrastructure needed for global competition. Two decades into the 21st century, NIST is developing new cryptographic standards with finalization expected in 2022. In an August 2021 white paper titled Migration to Post-Quantum Cryptography, NIST states that this requires identifying, prioritizing, and migrating the "vulnerable algorithms" that underpin current cryptography to "quantum-resistant" ones via five planned discovery scenarios. One of these scenarios will address healthcare algorithms in both "enterprise data center environments … [including] on-premises data center and hybrid cloud deployment hosted by a third-party data center or a public cloud provider."
The National Cybersecurity Center of Excellence (NCCoE) will also be "developing white papers, playbooks, and proof-of-concept implementations … [and] forming a Cryptographic Applications community of interest ... [to] provide recommended practices to prepare for a smooth cryptographic migration" from quantum-vulnerable to quantum-resistant encryption algorithms. Quantum key distribution (QKD), another strategy, will help transfer encryption keys and detect their interception. "Done right," CB Insights writes, "this means that even quantum computer-equipped hackers would have a hard time stealing information."
HIPAA is not enough
These efforts are right on time as current standards alone will not fully protect health plans and other HIPAA-covered entities as an increasing number of corporate ransomware attacks make headlines. National HIPAA expert Roy Wyman, a partner with the legal firm Nelson Mullins and chair of the its Privacy & Security Industry Group, notes: "If I was a payer right now, security and ransomware would be keeping me up at night. Simply complying with HIPAA is not enough. New technology like quantum computing will make it more difficult to stop hackers, especially state actors."
In a 2020 paper, Wyman notes that HIPAA "has mostly been locked in amber since 2009,” despite regulatory updates. Even a "second wave" of privacy and security requirements marked by the EU's 2018 General Data Protection Regulation (GDPR) guidance and stateside via legislation in California, Colorado, and Virginia have not fundamentally altered HIPAA. Noting that none of these state statutes goes beyond simply requiring "reasonable" security measures, Wyman adds: "There must be a much more nuanced approach than just complying with HIPAA."
Solutions through payer collaboration
From a tactical perspective, Wyman offered one solution for health plans: banding together to create security cooperatives to share resources, group data where appropriate, and segment it where critical firewalls are needed. This could be accomplished via joint venture, one of healthcare's favorite ways to turn competitors into collaborators, that is funded by participating payers. "Quantum computing is becoming more common but very expensive. Individual players may not be able to afford their own individually but collectively could fund a quantum shell for protection," he says.
CB Insights notes that while quantum computing "faces a number of hurdles, … the payoff may still be worth it. Some think that quantum computing represents the next big paradigm shift for computing—akin to the emergence of the internet or the PC. Businesses would be right to be concerned about missing out."
Wyman cautions, however, against technology's ability to solve everything that ails healthcare data privacy and security. "There is a perspective with tech that it's always the answer. There are places where it doesn't help. We're not systematically weighting benefits and costs." He recommends a similar systematic approach to revising the regulations that go hand in hand with tech development. "We either need to revise HIPAA to put more resources behind it or, even better, take a step back to reassess privacy and security, and how we deal with them."
Quantum computing and regulatory frameworks remind us that it will take collaborative, integrated, and simultaneously occurring reforms—along redefined business models and value chains—for sustained healthcare reform.
Laura Beerman is a contributing writer for HealthLeaders.
KEY TAKEAWAYS
Quantum computing's ability to process a staggering amount of complex data while arriving at multiple, independent conclusions has wide applications, including for healthcare.
It also poses new data privacy and security risks.
Payer response will likely require collaboration in an environment where technology and regulation must advance together.