Guest post by Joanna Gorovoy, senior director product and solutions marketing, Axway.
The healthcare industry is in the midst of digital transformation. At the same time, heightened government regulation, evolving healthcare policies and a rise in healthcare consumerism are driving a shift toward value-based, outcome-driven care models.
The focus on maximizing value and outcomes requires organizations across the healthcare ecosystem to work together, especially across a variety of different, and often unaffiliated, organizations, including hospitals, health insurance companies, pharmacies and wearable health tech companies. Additionally, data silos and interoperability issues make it difficult to derive value from health data across ecosystems, provide quality patient care and optimize health outcomes.
Healthcare IT leaders in today’s digital era face a great opportunity and a daunting challenge: deriving value from massive volumes of healthcare data while meeting heightened demands for data privacy and security. In 2016 alone there were 106 major healthcare data breaches, exposing 13.5 million individuals’ records. As healthcare data breaches continue to rise in numbers, healthcare IT leaders must reevaluate how they approach key initiatives across patient engagement, population health management and care coordination.
They need to provide secure and innovative digital experiences by implementing application program interfaces (APIs), which are a set of routines, protocols and tools for building software applications, and increase awareness of industry standards, such as Health Level Seven International’s (HL7) Fast Healthcare Interoperability Resources (FHIR). Doing these two things will help address interoperability issues and simplify the exchange of health information across the ecosystem.
But it doesn’t stop there. Moving toward a future where healthcare data is more widely accessible will require greater security management across all organizations that have access to patient data. To create a more secure and scalable foundation for digital innovation in healthcare you must follow these three steps:
Guest post by Pawan Sharma, director of operations for healthcare at Chetu.
Healthcare is quickly adapting to the digital environment by leveraging web-based technologies, electronic health records (EHR) and mobile devices to facilitate the movement of information. With innovative software technology comes great responsibility. One of the unfortunate downsides to increasing the use of technology for data sharing in the healthcare world is the risk of data falling into the wrong hands. Full measures need to be put in place to protect patients' Protected Health Information (PHI). The Health Insurance Portability and Accountability Act (HIPAA) mandates that all PHI be secured. Any breach, if not handled appropriately under established procedures, can lead to grave consequences including heavy penalties, jail time, or both. Needless to say, proper mechanisms need to be implemented to secure data while it is stored, transmitted and consumed.
Understanding Regulatory Standards
Knowledge is power. It is paramount that software providers look for back-end development partners that have healthcare IT experience. This includes extensive knowledge of and proficiency with federal regulations like the American Recovery and Reinvestment Act (ARRA), meaningful use stage 1 and 2, Accountable Care Act, etc. It also includes regulatory health information exchange (HIE) standards such as Health Level 7 (HL7), Health Information Exchange Open Source (HIEOS), Fast Healthcare Interoperability Resources (FHIR), Consolidated-Clinical Document Architecture (C-CDA) and Continuity of Care (CCD/CCR), as well as clinical and financial workflows.
Information traveling over a network may be subject to interference. Hence, it is important that data be encrypted in transit. Vendors must include encryption technology to prevent disclosure of patient health information while data is communicated between the application and the server. Web traffic must be transmitted through a secure connection using only strong security protocols such as Secure Sockets Layer (SSL) or Transport Layer Security (TLS). SSL/TLS certificates are lightweight data files that are purchased and installed directly onto the server. Once implemented, a user will be able to connect to the web-based application server via a secure tether with an internet browser.
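To make "only strong security protocols" checkable on the application side, the following added example (not from the original post) builds a client TLS configuration with Python's standard `ssl` module and audits it against a weak one. All SSL versions and TLS 1.0/1.1 are formally deprecated, so the example assumes TLS 1.2 as the floor; the function names are hypothetical and the weak configuration is constructed for contrast.

```python
import ssl

# Assumption: TLS 1.2 is the lowest acceptable protocol version.
STRONG_FLOORS = (ssl.TLSVersion.TLSv1_2, ssl.TLSVersion.TLSv1_3)


def hardened_client_context() -> ssl.SSLContext:
    """Client settings: verified certificate chain, hostname check, TLS 1.2 floor."""
    ctx = ssl.create_default_context()  # CERT_REQUIRED and check_hostname=True
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def legacy_client_context() -> ssl.SSLContext:
    """Constructed 'before' case: a common misconfiguration, kept for contrast."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False        # has to be cleared before CERT_NONE is allowed
    ctx.verify_mode = ssl.CERT_NONE   # any certificate is accepted
    ctx.minimum_version = ssl.TLSVersion.MINIMUM_SUPPORTED  # oldest version the library offers
    return ctx


def audit_context(ctx: ssl.SSLContext) -> list[str]:
    """Return one finding per setting that weakens protection of data in transit."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("certificate verification is not required")
    if not ctx.check_hostname:
        findings.append("hostname is not checked against the certificate")
    if ctx.minimum_version not in STRONG_FLOORS:
        findings.append("protocol floor is below TLS 1.2")
    return findings


if __name__ == "__main__":
    for name, ctx in (("hardened", hardened_client_context()),
                      ("legacy", legacy_client_context())):
        problems = audit_context(ctx)
        print(name, "->", problems if problems else "no findings")
```

The same three checks (certificate verification, hostname matching, protocol floor) apply to any client that carries PHI to a server, whatever the language.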
Organizations have been keen on securing networks and internal infrastructure from external threats. With this in mind, malicious entities are looking to breach data at the application level. Healthcare software proprietors must protect their applications from security threats by employing hardening tactics, which shield bugs and vulnerabilities in the code. This technique primarily includes code obfuscation. Code obfuscation is the act of intentionally creating obscure source code to make it difficult for entities to decipher. Properly employing this tactic hinders a threat's ability to reverse engineer and tamper with an application to facilitate a breach.