Healthcare organizations today are empowered like never before to change the world with patient data. From electronic health records (EHRs) to medical imaging, patient data is the defining asset, but its secure management and retention present complex challenges.
The volume of patient data is perpetually increasing, as are the regulations regarding its retention. Given its disparate sources of origin, data is most likely managed among multiple platforms and systems. More data and more systems translate to a broader attack surface, which increases vulnerability. Collaborative care adds complexity as data travels between different platforms and devices, also increasing the opportunity for breaches.
Sheila FitzPatrick, Chief Privacy Officer at NetApp, says, “There is a strong temptation for organizations to collect and retain the greatest amount of data possible. However, in expanding the scope of data to be collected or retaining it for longer than required, organizations can quickly find themselves out of compliance and facing fines.”
For U.S. healthcare providers and payers, HIPAA has long been the standard for safeguarding medical information. However, with new EU General Data Protection Regulation (GDPR) enforcement coming into effect in early 2018, U.S. healthcare payers and providers must be informed about the new regulations, even if they don’t have physical operations in Europe. As data takes center stage and becomes the lifeblood of healthcare organizations, data privacy is becoming even more important.
Privacy and Security: one and the same?
Governments and regulators around the world are putting a stronger focus on protecting the privacy rights of individuals, raising the threat of massive penalties for companies that fail to comply.
Given the complexity, it’s no surprise that many organizations don’t recognize the differences between data security and data privacy. FitzPatrick explains, “Frustratingly, many organizations approach data privacy as a subset of data security; however, they are distinct issues. An organization can have the most secure data management and storage environment and yet still not be in compliance with data privacy regulations. And, equally, an organization can be in compliance with data regulations, but be lacking fundamental information security, which exposes the organization to different, but equally serious, forms of risk.”
FitzPatrick will be offering guidance to healthcare executives about the changes in privacy law that will affect personal health information. Join the webinar on Wednesday, September 20, 2017, to find out more about the changing legal landscape, the importance of privacy due diligence, challenges with new technology, and the similarities and differences between data privacy and data security.
FitzPatrick will also talk about the importance of building a legal privacy compliance framework as the foundation to meet your obligations under data privacy laws. If you are a data-driven healthcare organization, you won’t want to miss this event.
Register now for the webinar on Wednesday, September 20 – 10 a.m. PT/1 p.m. ET