The Growing Importance of Compliance and Security in Health Care

The evolution of technology—and the rate at which it’s advancing—is amazing. A generally accepted rule of thumb is that capabilities increase at a rate of 10x every five years, and that includes compute resources, storage and speed. In the health-care industry, where ironclad data protection is always top of mind, compliance and security require regular assessment and, when necessary, updating.

Health-care organizations must prepare for an increase in audits as connected devices proliferate and as more applications and platforms move to the cloud. IDC explains that the Internet of Things (IoT), 3D printing, next-generation security, artificial intelligence (AI) and robotics are just a few of the “technology accelerators” seeing deployment in health care.

Unfortunately, cybercriminals are working hard to be one step ahead of these advancements. In today’s hyperconnected world, data has more value than nearly any other commodity, and hospitals, doctor’s offices, pharmacies and other health-care facilities store an abundance of valuable data, making them prime targets. Health-care-provider networks are constantly under attack by ransomware, hacks and other threats. According to the 2017 SecurityMetrics Guide to HIPAA Compliance, health-care organizations accounted for more than 36 percent of last year’s reported data breaches. Although new technologies and government initiatives surrounding cybersecurity are on the rise, the value of patient data is increasing as well—and with it, the amount of cybercrime.

Hacker attacks present the greatest danger to patient data of all data-breach causes. HealthcareInfoSecurity explains that 53 health-data-related breaches reported to federal regulators so far this year (as of July 3) are “hacking/IT incidents.” Though that number only represents roughly one-third of all reported occurrences, those breaches have affected 60 percent of victims—1.6 million people. Of the five largest breaches reported this year, four of them fell under the “hacking/IT incidents” designation. Public statements about at least two of those incidents noted that ransomware was involved. HIPAA settlements are also substantial; nine took place during the first half of 2017, MedCityNews reports.

Obviously, preparation is critical in staying connected and protected. It’s difficult to do so in-house, however, even with a fully staffed IT department. Most health-care organizations must identify a cloud-based IT-solutions partner that offers the most up-to-date infrastructure on which to support their networks.

When engaging a partner, the first consideration should always be compliance. Any IT partner worth considering must have undergone successful audits and confirmation for PCI, SOC 2 and HIPAA compliance. Liaison advises that you should ask any vendor that will be dealing with sensitive data for proper documentation relating to HIPAA, including policies and procedures for guiding and training employees, audits completed by independent firms (this is not a HIPAA compliance requirement) and business-associate agreements. Partners should also offer services, such as data encryption and single sign-on, that support their ability to enhance their compliance over time while cutting costs.

This year, the U.S. Department of Health and Human Services (HHS) has been evaluating cybersecurity risks, big data and emerging technologies to update compliance standards, Liaison explained. It will only continue to revise HIPAA requirements as health care—and the way its data is stored, transmitted and consumed—evolves. In the mere 21 years since HIPAA’s inception, the legislation has already become a staple of the industry, and its importance will only grow. So, make sure to work with a partner that stays up to date on HIPAA standards.

A good IT partner also must have clear and fast communication to top-tier networks through a secure and wholly owned connection that bypasses the Internet, where data is at risk of hacks and cyberattacks. The data center/colocation partner should have a dedicated staff of expert professionals eager to fully understand specific needs and provide unique solutions, too. I refer to this approach as collaborative care. A health-care organization needs reassurance that staff is available 24x7x365, ready to provide support.

We’re living in an interesting time. If you graph the way technology innovations move over the years, it’s not a straight line: it’s an S-curve, with high activity at the top and idler periods in the valleys. We’re now on an upward swing, and what has dictated that change is the advent of incredibly fast network connectivity. Not long ago, using the cloud was infeasible because the Internet was simply too slow. Now, health-care organizations enjoy lightning-fast connectivity as they share files, process images and communicate between locations. Hosting servers and data elsewhere means the right amount of storage is available for purchase and the network can scale with growing bandwidth demand. Today, the 100Mbps circuit is becoming more and more common. It will soon evolve to 1Gbps.

A good data center provider, such as 365 Data Centers, recognizes these changes and stays ahead of that curve. It should understand the importance of meeting compliance standards (by being up to date on all of these requirements), providing next-generation firewalls, and being active in defending against security threats.

The advancement of technology is exciting, and it’s creating new capabilities for health-care organizations to assess and treat patients, access and share data, and communicate with patients and staff in real time via connected devices. With all of these capabilities comes risk. A compliant, knowledgeable partner reduces that risk considerably.

About the Author

As Vice President and Chief Administrative Officer of 365 Data Centers, Jason Katz serves as the Company’s point of contact for customers, vendors and other partners in the Boca Raton and Fort Lauderdale markets. He aids in the rollout of network, IP, DRaaS, and cloud-service offerings and oversees the integration of all administrative functions.