By Ernie Sampera, vXchnge
The Digital Transformation of Healthcare Brings a Host of Security Challenges
Industry experts predict that 2020 will be a watershed year for the digital transformation of healthcare, marked by the meaningful adoption of Internet of Medical Things (IoMT) applications, Artificial Intelligence (AI) systems, advances in data analytics, and telemedicine. But the adoption of these and other next-generation technologies doesn’t come without inherent risks and technical challenges, including cybersecurity and significant regulatory and compliance requirements. A study by IBM found that healthcare organizations suffer the highest costs associated with data breaches, which were three times higher than in other industries.
Although healthcare has been slower to adopt digital technologies than other industries, the IoMT is but one next-gen medical innovation that is gaining traction among providers as they seek better and more efficient treatment options, improved patient outcomes and lower costs. The IoMT refers to a system of Internet-connected medical devices that can generate, collect, analyze and transmit data between each other, software applications and healthcare provider IT systems. For example, IoMT devices and medical wearables can remotely monitor patient vitals, glucose levels and other bodily functions, as well as track physical activity and sleeping levels.
Presently, there are approximately 3.7 million connected medical devices in use that monitor various parts of the body to better inform healthcare decisions. Frost & Sullivan predicts the IoMT may well comprise 20 to 30 billion devices by the end of the year. In fact, according to Allied Market Research, by 2021, the global IoMT market will reach nearly $137 billion. That said, the increasing numbers and capabilities of connected medical devices pose additional risks for data security.
The Doctor Is In and Online
Even as the healthcare regulatory landscape continues to adjust to emerging technologies, AI systems are being developed to help medical professionals analyze data more efficiently. AI-powered analytics and machine learning tools can review millions of healthcare studies to determine an effective treatment plan based on a patient’s condition, medical history and other markers. AI imaging tools can analyze CAT scans in mere seconds, and screen chest X-rays for signs of tuberculosis, often achieving a level of accuracy comparable to humans.
Meanwhile, for patients living in rural or remote areas where access to healthcare is traditionally limited, telemedicine is improving people’s access to medical professionals and specialists with virtual appointments. Today, there are various mobile applications and video-based technologies that enable patients to communicate with doctors and receive the care they need. A 2018 Deloitte survey found that nearly one out of four U.S. consumers have already experienced a telehealth visit with a clinician.
Augmented Reality and Virtual Reality (AR/VR) applications are yet another example of innovative solutions that are transforming the healthcare industry. For example, AR/VR and mixed reality apps are helping medical professionals learn how to perform complex procedures without having to place patients at risk. For patients suffering with depression brought on by dementia or Alzheimer’s, AR/VR apps are being used to recreate positive experiences from their past, countering the often debilitating cognitive and emotional symptoms of these widespread diseases among our aging population.
According to a new report by Reports and Data, the global AR/VR healthcare market is projected to reach $7.05 billion by 2026, spurred by the rising demand for innovative diagnostic techniques, virtual training of surgeons, and better care management of neurological disorders, chronic illnesses such as cancer, and seniors in assisted living facilities.
Is Your Colocation Data Center HIPAA-HITECH Compliant?
Given the ongoing digital transformation of healthcare, data security matters now more than ever. Yet despite, or because of, the proliferation of these and other next-generation technologies, consumer confidence in the security of their medical providers’ IT solutions continues to wane. DDoS and ransomware attacks are becoming more common and sophisticated, and healthcare facilities present vulnerable targets. A major challenge in the healthcare industry is the sheer amount of data that hospitals, clinics and health professionals now collect. Moreover, the mainstream adoption of IoMT devices and the overall digitalization of the industry will inevitably make it only more vulnerable to cyberattacks and security breaches.
As any medical professional knows, there are several data security compliance standards that impact today’s healthcare organizations, but few of them have the public visibility of the Health Insurance Portability and Accountability Act of 1996 (HIPAA). One of the foundational data privacy laws in the U.S., HIPAA sets national standards for how healthcare and insurance organizations manage protected health information (PHI) related to all healthcare transactions. These protections were significantly expanded to cover the exchange of electronic protected health information (ePHI) with the passing of the Health Information Technology for Economic and Clinical Health Act of 2009 (HITECH), which introduced a number of incentives designed to promote the use of electronic health record (EHR) systems.
Both HIPAA and HITECH apply to any organization that handles personal health information in any capacity — including third-party vendors, whether they’re handling data as a contractor or subcontractor — a responsibility that extends to data centers and colocation facilities. In order to obtain and maintain their compliance status with regard to sensitive healthcare data, data centers and colos must demonstrate that they have implemented a number of security measures that go far beyond the storing and distribution of EHRs, electronic medical records (EMRs) and personal health records (PHRs). Below is a brief, but not all-inclusive, HIPAA-HITECH checklist to help healthcare providers assess their colocation data center provider’s data security and risk mitigation posture.
A HIPAA-HITECH Compliant Colocation Data Center:
- Outlines a disaster recovery plan
- Installs physical and logical security controls to manage access to servers
- Uses encryption protocols to protect data while at rest and in transit
- Implements an information security policy to train personnel regarding data management
- Isolates IP addresses to separate protected health information from the public Internet
- Performs ongoing risk assessment to identify and mitigate threats
- Conducts routine audits to maintain data security and operational readiness
Mitigating the Risk of DDoS and Ransomware Attacks
A reputable colocation data center can provide organizations with an extensive array of tools for mitigating the risk of DDoS and ransomware attacks. Since these facilities have much greater bandwidth capacity and more secure routers managing incoming traffic, they are far better equipped to withstand attempts to overwhelm their infrastructure than the typical on-premises IT solution. With blended ISP connections that provide multiple layers of redundancy and real-time monitoring powered by predictive analytics, data centers have ample resources to combat the latest DDoS attack strategies.
A colocation data center also succeeds or fails on the strength of its interconnect options. While there are certainly data security benefits and cost savings related to power and cooling gained by colocating servers in a data center environment, the right connectivity services can truly transform a business, including healthcare organizations. When evaluating a colocation facility, there are a number of questions potential customers should ask about its interconnectivity options.
For example, is the colocation facility carrier-neutral? A carrier-neutral data center provides the best option for networking data and building customizable network solutions. These data centers embrace the concept of connectivity by offering customers access to a variety of cloud service providers and Internet service providers (ISPs). Single-carrier data centers, on the other hand, only use a single vendor’s connectivity technology.
How many providers does the colo facility offer? Robust data center connectivity requires a wide range of vendors, not just two or three. When there are more providers in a data center interconnection environment, customers benefit from pricing competition. Knowing that a colocation customer could easily shift from one cloud platform to another also incentivizes those providers to offer better services. For healthcare organizations looking to build networking data solutions for their present and future needs, a strong vendor marketplace in a colocation environment offers tremendous flexibility and opportunity.
And finally, just how good is the data center’s infrastructure? Data center connectivity options won’t amount to much if the facility is prone to excessive system downtime. Inadequate power and cooling management can cause servers to go down frequently, costing healthcare providers enormously in terms of revenue and brand reputation. Without experienced technical personnel on hand, human error is also more likely to disrupt services. Complete with a documented history of uptime reliability, a facility worthy of a healthcare provider’s trust should have a proven track record of maintaining its data center infrastructure. High availability is essential, and a healthcare provider’s digital transformation depends upon it.