By Joe Gaska, CEO, GRAX.
Healthcare is highly regulated when it comes to data security and privacy, and rightly so. Patient data is ultra-sensitive and any changes made to records could literally cost someone their life. Regulations from HIPAA to U.S. Food and Drug Administration 21 CFR Part 11 stipulate the need to exercise best practices in IT to keep electronic patient data safe, which is why legacy healthcare technology vendors like Cerner and Epic are so focused on guarding against unauthorized access and cyber attacks.
As more and more providers transform to outcome-based healthcare models, however, minimizing the risk of data exposure is getting harder. That’s because, in order to increase efficiencies and optimize patient care, organizations are increasingly introducing cloud-based, or SaaS, applications into their processes. They leverage these applications to analyze data and get insights related to patient journeys, treatment pathways, the cost of care delivery and even the efficacy of various medical devices.
The compliance challenge
While introducing these applications is essential, it also complicates regulatory compliance, since it requires moving or copying data from your infrastructure into other applications. Every time a new application is introduced, healthcare organizations essentially need to get that vendor to sign a BAA (Business Associate Agreement) to accept responsibility for the safety of patients’ health information and maintain appropriate safeguards. Yet even with an agreement in place, organizations are still at risk. HIPAA and other compliance measures require audit trails, which are more difficult to maintain with SaaS applications.
In addition, because users need SaaS data for analytic and other purposes, they’re likely to download it, make their own copies and store them in their own folders and systems. This data sprawl increases potential access points and vulnerabilities.
All of which begs the question: how can organizations help protect sensitive data while still leveraging that data in a way that works to improve outcomes? The answer lies in data ownership.