Faster health data exchange starts with addressing health IT’s control concerns

This outbreak has shown us that we need to be much faster, more nimble and better prepared to confidently share health data across organizations.

The security of health data exchange continues to be one of the most pressing concerns, especially in this rapidly changing healthcare landscape.

Healthcare IT organizations are already overloaded with use cases that demand better operational and clinical value of healthcare data, pushing them to share data with more and more third-party partners to keep up. Now, they are scrambling to manage the Covid-19 pandemic and reacting to new data-sharing regulations. The truth is that data-sharing has never been more important to providing quality healthcare, and if regulations like the recently finalized interoperability rules had been in place long before this pandemic reached a fever pitch, it’s possible we’d be in a better position to fight it.

However, as the landscape shifts and the demand increases, cybercriminals are looking to take advantage of old and new vulnerabilities from the cracks created, raising concerns across the industry. These concerns over health data exchange mean that organizations can be a bit slow to enable it, putting us back where we started. Case in point: The Covid-19 outbreak has exposed some of the tension between cybersecurity and health data-sharing. Even when the U.S. government relaxed some of the HIPAA guidelines around data-sharing, companies approached it with extreme caution and uncertainty, concerned with how to maintain control during the pandemic so as to quickly revert afterward. Many companies have been sharing data out of desire and need to help, but always asking what will happen at the end of the pandemic and how it will all revert.

Health IT’s wariness about health data-sharing is anchored in the reputation and financial risks of data breaches as defined by HIPAA and the HITECH Act. While the value of data-sharing is largely indisputable, security and control have long overridden sharing in priority, and possibly even spend. Using partners to satisfy demand means more surface area to protect, but also more controls, barriers and hurdles as well. Nobody wants to simply take the door off the hinges, but finding the balance between control, security, and exchange continues to be a challenge that has held an interoperable healthcare world back from achieving its long-promised dream.

The truth is that despite heavy investment in security and numerous barriers to data-sharing, healthcare has fallen behind due to outdated compliance and technology principles. As more and more organizations move to the cloud, policies and procedures will continue to be at odds with the security needs of the modern remote workplaces and cloud technologies. Surveys and questionnaires designed for traditional software vendors and on-premise data centers are at odds with new SaaS and PaaS platforms, all of which are necessary for the future of data exchange and healthcare innovation.

For example, cybersecurity policies and data encryption are clear necessities, but older policies like encryption at best apply to specific use cases and by themselves would not protect against many of the modern vulnerabilities and areas where data can be lost. Encrypting a laptop is essential, but encrypting database disks and then providing accounts to DBAs, application developers, partner vendors, integrators, data scientists, etc. eliminates most of the security. We’ve already seen recent breaches where third-party vendors were hacked or internal actors accidentally or maliciously exposed data to the public (or directly to patients), resulting in significant amounts of lost, stolen, or erroneously shared health data.

Data needs to be liberated but still under control and compliance. A combination of deeper encryption technologies and easily manageable data controls is increasingly necessary. Direct database access needs to be eliminated and replaced by platforms, microservices, web services, and other technologies that can govern access and maintain control of the data while enabling appropriate sharing and exchange.

With so much currently going on in the healthcare world, we should still think about cybersecurity to quell control concerns and facilitate faster health data exchange. It’s more than just a federally mandated affair. This outbreak has shown us that we need to be much faster, more nimble and better prepared to confidently share health data across organizations. Solving healthcare’s biggest issues, like Covid-19, should be where we put our dollars and what keeps us up at night, not data breaches.

Installing cybersecurity and encryption technology for your database is a good step, but you can’t expect it to be a single fence around your data with a single gate lock. Once the fence is breached and the lock is broken, everything is vulnerable. Instead, healthcare organizations need to have a lock on essentially every single data point behind the fence and locked gate. That level of complexity makes it completely impractical for a cybercriminal to attack because it’s the collection of data that’s useful, not a single point.

Michael Oltman

With over 20 years of experience, Apervita CTO Michael Oltman helps ensure the successful development of healthcare solutions that advance value-centric collaboration.

This post appears through the MedCity Influencers program. Anyone can publish their perspective on business and innovation in healthcare on MedCity News through MedCity Influencers.