The 2 Biggest Threats Your Healthcare Clients Face: Lost/Compromised Data
By Jay McCall
Business Solutions recently reached out to several industry experts to get an update on the latest trends happening within several key vertical markets, including healthcare. Following is the dialogue I had with Pavan Vyas, product marketing manager at Asigra, a hybrid backup and data recovery vendor.
What are the biggest driving factors behind the adoption of business continuity and security solutions and services in healthcare?
Vyas: The healthcare industry has undergone massive changes over the past decade, particularly in the way it manages its information assets. Spurred by patient demand and the passage of key regulations such as the Health Insurance Portability and Accountability Act (HIPAA) and Health Information Technology for Economic and Clinical Health (HITECH) in the United States and other such similar regulations the world over, healthcare organizations today are faced with the challenges of both expanding the use of information technology in their operations and safeguarding the health data assets of their patients.
Paper files of personal health information are fast being replaced by electronic health records. Digital imaging technology has further accelerated the adoption of electronic health information. With the proliferation of mobile devices and the increasing use of tablets and smartphones to deliver bedside care and access patient information, the complexities of managing access to strictly personal health information and protecting against data breaches have only increased. Data breaches today are frequent, coming from a variety of sources, such as malicious software, missing or lost tape drives, misplaced or lost laptops, tablets or smartphones, and sometimes via lost paper files as well. The cost of a healthcare breach can be significant, running into millions of dollars in fines and remediation costs, besides a loss of reputation and sometimes, the entire business. This situation lends itself as an opportunity for service providers who can help their healthcare customers make the transition towards more efficient business operations while remaining in compliance and preventing the challenges that can arise from the loss or breach of confidential healthcare information.
What are a couple of specific backup and security standards VARs/MSPs need to be mindful of with their healthcare clients?
Vyas: By investing in a secure agentless end-to-end backup platform, VARs/MSPs can ensure that all the data in the organization, including that which resides in endpoint devices such as laptops and tablets, is safely backed up to a single repository where it can be maintained in a secure and highly recoverable form for long periods of time as mandated by regulatory agencies. A good backup and recovery platform will also ensure that the data is encrypted at source using a NIST FIPS 140-2 certified algorithm such that the data is encrypted both when traversing through public networks and when stored in the backup repository. The NIST FIPS 140-2 certification is a necessary condition to achieve compliance with regulations such as HIPAA in the United States, the PIPEDA in Canada and the European Union Data Privacy Directive.
By leveraging technologies such as deduplication and compression, service providers can help reduce the network and storage costs for healthcare organizations facing the challenges of burgeoning data growth. Further, instant recovery of virtual machines can help cut down recovery times from hours to just a few minutes. The healthcare sector is one of the sectors where IT service providers have the opportunity to step out of the shadows and take a central role in influencing the business operations of their customers. Such opportunities are few and far in the world. Service providers should seize this chance.