HIT Think

Why the urgency to share data will put new pressure on providers

Healthcare providers must protect patient data from a number of threats while maintaining HIPAA compliance. In this highly targeted industry, there’s no shortage of hackers constantly seeking out unsecured devices, paper and information to make a profit.

In fact, the price of stolen healthcare records is falling because of the abundance of such records on the black market. That means that the recent wave of data breaches within healthcare companies has saturated the stolen data market, and the drum beating for expanded data protection to defend against these breaches is only growing louder.

But it’s not just external attacks worrying healthcare organizations; internal leaks also have IT executives taking notice. With most patient data breaches triggered by employees of the organization, protecting information from within becomes just as important, if not more so.

Sure, anyone can fall for a phishing scam and unknowingly grant unauthorized access, but there’s an alarming increase in incidents where internal personnel download an unsanctioned solution, not to be malicious but to simply complete their normal job functions. This could occur, for example, when internal file transfer tools, ones approved by IT, don’t support large file transfers in a timely manner.

When employees have the proper file transfer tools at their disposal, however, they’re less likely to circumvent protocol to find one that works for their particular job function.

When we talk about securing patient data, we’re not talking about locking up information in some secret vault that requires a numeric passcode, fingerprint ID, voice recognition and retinal scan to access each piece of information every time. We’re talking about implementing a strategy to keep data safe as it seamlessly makes its way through the organization and beyond.

This starts with a pledge to protect healthcare data in transit and at rest, and securely getting it to where it needs to be to ultimately do what it’s meant to do – provide better patient care and health outcomes.

Healthcare companies looking to securely manage and protect this data start with a crucial component of an overall cybersecurity strategy: one that manages file transfer and provides integration, that seamlessly handles organizations’ current and emerging data requirements, and that is also easy to deploy, use and manage.

Providers have an obligation to keep protected health information private and secure, but the modern convergence of technology and care can present a range of challenges. Normal hospital or clinic visits now involve the doctor, physician’s assistant or nurse entering patient information, test results, diagnostics and more into a computer or even a tablet. But where does that data go? How does it get there? Who has access to it?

As hospital networks look to modernize infrastructure to handle the multiple touchpoints and servers exchanging personally identifiable information (PII) and protected health information (PHI), think about all the ways patient data moves in the healthcare world:

  • Medical records and doctors’ notes flow into and out of internal EMR/EHR systems
  • Claims communications are shared by the provider and insurance companies
  • Invoices circulate among accounting, billing and accounts payable departments
  • Data must be transferred externally to labs, clinics and research facilities
  • Public health information must go to federal reporting systems as well as state and other regulatory agencies

These modern data flows require communication between internal and external hospital systems, cloud-based applications and storage, tablets and mobile devices, and even the connected, wearable devices so popular today.

Further, providers and networks must balance the security of these data transfers with technology that’s usable enough to:

  • Accommodate the needs of physicians who require the most up-to-date and accessible data
  • Support administrators looking to ensure business continuity, streamlined operations and workflow efficiency
  • Deliver patients mobile and on-demand access to their own health data
  • Enable HIPAA compliance and other industry mandates

The fact is, these are complex data movement patterns, and they represent a tall order for traditional FTP, consumer-grade cloud services or other file transfer mechanisms. The number of touchpoints in today’s digital healthcare ecosystem grows every day, and securely connecting and integrating the flow of information among all of these endpoints is challenging.

While secure integration with external parties has become easier as more organizations adopt deeper protocol stacks, the key challenge remains seamless integration and orchestration with the back-end applications and other middleware that populate hospital IT infrastructure.

Clearly, healthcare providers need integration to pull this off. Hospital networks rely on EMR systems, either locally hosted or increasingly cloud-based, and require integration capabilities to exchange data between EMR and other internal applications, enabling secure and auditable internal hub-and-spoke and point-to-point data transfers.

They also require integration with various other health information protection activities to ensure a single point of control within the organization. Integration requires:

  • Security: There is a revolving door of industry mandates and HIPAA compliance requirements that include encryption in transit and at rest, advanced protocols, and user-based access roles.
  • Governance: Managing data along its journey inside and outside the organization provides the structure and process to ensure maximum data quality, data accuracy and data security.
  • Scalability: Since you can’t predict what kinds of technologies and services your employees will need in the future, providers need flexible technology that can adapt over time and accommodate future integration needs, including big data integration.
  • Community management: Dynamic interaction between content and people occurs more often, and community management functionality enables visibility into critical transactions as well as expanded data control and workflow capabilities.

As healthcare continues its digital expansion and as more providers turn to big data analytics and precision medicine, the amount of data exchanged between organizations inside and outside the network will grow exponentially. Healthcare organizations embracing a “data care” approach will better safeguard patient data, manage their information flows and more quickly realize improved patient care.
