In this modern era, data breaches and exposure of personally identifiable information are so frequent as to be nearly unremarkable. Last year alone, there were over 3,900 publicly disclosed data breaches; although that is a decrease of almost 50 percent compared to 2019, these breaches revealed 37B records, an increase in volume of 141 percent.
It’s one thing to have your driver’s license or social security number out there. But — as any health technologist can tell you — a breach that exposes sensitive healthcare information automatically catapults into a completely different category. It’s unsettling that the results of your mammogram or colonoscopy, the private concerns you’ve shared with your doctor, or how much you owe on your medical bills could be fodder for the unscrupulous or even simply the curious.
After all, patients enter the healthcare system at their most vulnerable, their most human, frequently at moments of tremendous need, sometimes at the worst times of their lives. For some, even the act of stepping foot into a doctor’s office takes tremendous courage. Patient privacy breaches and HIPAA violations are especially egregious as they undermine people’s trust in a way that can fundamentally alter their health outcomes.
That said, healthcare technologists are facing an uphill battle as they innovate and develop technology for this space. Security is constantly at the forefront for most of us. At Welkin, for example, we’re believers in a layered approach:
- Permissions that protect data integrity while still enabling critical information to be shared between roles and teams
- Audit trail and security log to ensure every security action is visible
- Organizational security controls that allow teams to leverage multi-factor authentication (MFA) or single sign-on (SSO)
- HIPAA compliance and a SOC2 Type 2 certification
But the challenge for us all is a fractured landscape of customer requirements. In Canada, for example, there are provincial requirements for hosting data on-prem versus the cloud. Ireland has similar constraints. This isn’t uncommon, especially in EU countries that have a robust privacy shield. But it’s increasingly surprising in a world that’s largely moving away from local hosting and storage to the agility and flexibility of the cloud. It’s like clinging to a horse-and-buggy when there’s a perfectly good Ford ready to take you where you need to go.
Healthcare technologists can build next-level, intuitive, patient-centric innovation that delivers on the promise of easing clinician burdens and producing better patient outcomes. And we can do it in a privacy-first way. But legislators considering data privacy issues must consider where technology is and where it’s going. Can you imagine telling Amazon and Salesforce that on-prem is the only way? It’s unthinkable.
Building in a cloud-native fashion is now table stakes; this is the standard. And failing to embrace it now presents its own serious risks later; chiefly, healthcare technology that isn’t as nimble, modern or effective for patients as it could be.