By Coley Chavez, Chief of Staff and Compliance Officer of Genomic Life
Healthcare data is defined as “any information, which relates to the physical or mental health of an individual, or the provision of health services to the individual.” This data stems from several sources, including but not limited to electronic health records (EHRs), medical imaging, genomic testing, medical devices, and claims data. The acceleration of technological improvements in healthcare throughout the past decade has enabled millions of practitioners and patients to convert their healthcare data into useful, actionable information.
However, considering prevalent cybersecurity attacks, there has been increased scrutiny of healthcare data security management and measures in an ever-changing healthcare landscape. Earning an end-user’s trust is paramount to adopting innovative healthcare solutions.
Security and privacy are essential foundations when it comes to protecting healthcare data. How an organization commits to this is critical, especially regarding data sharing.
The migration of stored electronic healthcare data to a cloud-based architecture has created a significant shift in how businesses must proceed with managing and protecting their end-user’s sensitive information. Robust privacy and security policies and certifications must replace traditional security measures for protected data that organizations previously managed on-premises.
A Culture of Compliance
Companies managing sensitive data must adopt a culture of compliance when developing their security and privacy programs. This initiative should start with the company’s risk management framework. Leadership needs to set the bar high, as does the investment in technologies that ensure the privacy and security of the data.
We utilize third-party audit organizations to test and validate our compliance program’s security and privacy controls. Companies that don’t look holistically at their security and privacy measures upfront will have difficulty implementing them in the long term.
Buy-in for compliance must come from the top. A company’s board of directors, the executive management team, and the organization must create a culture around compliance. Without buy-in from the top, it is challenging to implement proper safeguards.
As healthcare data breaches have been occurring more frequently and on a larger scale, these cybersecurity issues have reminded us that not all companies hold data security and privacy in such high regard. Despite the increased adoption of innovative cloud-based technologies, the healthcare industry still lags behind most other industries when it comes to data security and privacy management. This is due mainly to the challenges presented by the complex nature of healthcare data and budget limitations.
Health information is worth much more on the dark web than someone’s financial information. With that additional information, a hacker can manipulate things such as medical services and IRS tax audits. As such, the end-user is rightfully looking at who is managing their data and what regulatory framework is in place to protect their most sensitive information. Companies that don’t adhere to these frameworks increasingly run the risk of facing consequences that are severe and expensive.
As this paradigm shift in healthcare data security continues to take place, the most successful data management companies will adopt a modern risk framework that emphasizes a culture of compliance that ultimately builds more trust with their end-user.
Paramount to this new regulatory framework for data security is an agile-based compliance program that can meet the different needs of each stakeholder.
Our stakeholders – employers, employees, and benefit brokers – have different requirements. We must look at how we apply our agile-based, rigorous compliance program to meet their needs at varying levels.
As Genomic Life’s compliance officer, when our company signs on with a new client, I meet with their security and compliance team to explain our current risk management program and the measures we have to safeguard their stakeholders. There are numerous layers of responsibility we must account for in rendering our services, and the comprehensive compliance program I’m describing allows us to plan for these layers as they occur more effectively.
All companies that manage sensitive customer data must invest in their overall compliance programs and demonstrate compliance through verification with the highest certification bodies, such as HITRUST, offering comprehensive cybersecurity management and evaluations. Companies that manage your data should be trusted, but as the end consumer, it’s crucial that you also verify.
Electronic data management is constantly evolving, requiring leaders to review their policies and redefine governance, risk, and compliance programs to ensure the highest level of privacy and security measures. This step fortifies the “trust, but verify” mandate.
About the Author
Coley Chavez is the Chief of Staff and Compliance Officer of Genomic Life. He works with the CEO, Executive Management Team and Audit Committee, and leads a team tasked with aligning the organization’s operations and technology platforms in order to help deliver the sciences of today for the medicine of tomorrow.
Prior, Coley held leadership and executive roles at Chord Health, OncoSec Medical, Inovio Biomedical Corporation, Genetronics, Inc., BTX, Abnology, Sangart Inc., Ziff Davis, and Harte Hanks Market Intelligence.
He is a HITRUST Certified CSF Practitioner (CCSFP, #59200) and architects agile-based compliance solutions. He has received certifications from San Diego State University and the Certified Technical Institute (CTI) for Computer Sciences and focused-based information technologies. Coley has been involved in the HIT community, working with the Life Sciences Information Technology Global Institute (LSIT) and HIMSS, further promoting and developing industry Good Informatics Practices (GIP) for the Digital Health, Life Sciences, and Health Tech industries for over 20 years.
Coley has a degree in Finance from the University of New Mexico and was a member of the UNM Football team.
Coley Chavez can be reached online at https://www.linkedin.com/in/coleychavez/ and our company website is https://genomiclife.com.