Safety First: Making Healthcare Data Security A Priority
By: Natalie Cheng
July 26th 2021
Security – it’s a basic human need. In order to move up through Maslow’s hierarchy of needs to achieve self-actualization, you need to feel secure. Healthcare organizations and patients need security as well, specifically healthcare data security. For healthcare, we have the Health Insurance Portability and Accountability Act, or HIPAA, a federal law that “required the creation of national standards to protect sensitive patient health information from being disclosed without the patient’s consent or knowledge.” In addition, the US Department of Health and Human Services (HHS) issued the HIPAA Privacy Rule, which implements HIPAA requirements. The HIPAA Privacy Rule’s goal is to make sure that individuals’ health information is protected while also allowing the flow of health information needed to provide and promote high-quality health care and protect the health and wellbeing of the public. As data becomes more accessible to patients and organizations adopt interoperable healthcare solutions, everyone must keep data security top of mind.
Security in Interoperability
With the 21st Century Cures Act and the Interoperability and Patient Access final rule, a growing number of patients have gained, or will soon gain, unrestricted access to their healthcare information. These rules were designed to help patients get convenient access to their records and to strengthen the healthcare data ecosystem. In addition, HHS aims to move organizations toward value-based care, which will improve the quality of care and bring transparency to costs and outcomes.
To support data exchange through secure APIs, the Centers for Medicare and Medicaid Services (CMS) and the Office of the National Coordinator for Health Information Technology (ONC) rely on Health Level 7 (HL7) standards. This promotes interoperability among the various systems used across healthcare organizations. To achieve true interoperability, however, healthcare organizations must ensure that each connection is secure. According to an IBM report, a healthcare data breach costs more than $7 million on average. This figure includes direct costs such as lost revenue and customer turnover. A data breach also damages a company’s reputation and raises the cost of acquiring customers. Fortunately, hospitals and healthcare systems can secure patient data and avoid these potential financial losses with the right systems and infrastructure in place.
As Medical Economics states, “Interoperability is only as secure as the weakest link in the information exchange chain. The potential for a HIPAA violation, a data breach, a ransomware attack or other cyberattack remains high, which is why healthcare providers, software vendors and others should explore certification and accreditation programs to bring the rigor of a third-party examination to these new connections.” The ONC has already created specific API Conditions of Certification to ensure that developers of certified health IT are following the rules.
Various organizations are also developing industry use cases and promoting interoperability. These include the Da Vinci Project (developing industry use cases for payers and health plans), the Argonaut Project (expanding information sharing for EHR and health IT), and groups working with qualified health information networks (QHINs) under the Trusted Exchange Framework and Common Agreement (TEFCA).
As a healthcare organization, are you ensuring that the data flowing through your IT infrastructure is private and secure? Make sure that the interoperable solutions you are using follow the rules and guidelines discussed above.
Are you looking for interoperable solutions to help your clinical workflows? Contact us and we can discuss your pain points and see if any of our solutions are right for your organization.