March 8, 2021

Steph Charbonneau: HIPAA and 2021 Healthcare Data Security Trends

Written by Steph Charbonneau, CTO at Titus, A HelpSystems Company

The ramifications of this year’s global pandemic will continue to drive unprecedented digital transformation through 2021. In 2020, the widespread adoption of remote working, cloud computing and the advances in telehealth under Covid-19, put the global healthcare system to the test like never before.

But despite the rapid escalation in cyber security breaches, precautionary measures around data security and compliance with the critical Health Insurance Portability and Accountability Act (HIPAA) necessarily took a back seat while organisations at every level of the healthcare ecosystem struggled to respond to overwhelming demands for critical patient care worldwide.

Now as we look to 2021, global healthcare must refocus to exercise best practice in the three key areas of administrative security, physical security, and technical security. We will undoubtedly witness new data security trends and threats, and in particular, organisations must be alert to some possible proposed changes in HIPAA regulation.

Security and Classification – A Post-Pandemic Priority

Data sharing between GPs, labs, other specialist healthcare providers and insurers is the main reason the industry is governed by HIPAA, yet the healthcare system could not operate properly without that sharing.

Keeping PHI, PII and PCI private in such a burdened, fast-moving and complex industry will continue to be an incredibly complex challenge – especially for smaller organisations delivering on-the-ground, day-to-day health care. And because of its very nature, healthcare has and always will continue to be a hot target for cybercriminals.

Cyber security will continue to be a critical concern for healthcare organisations everywhere in 2021 and we can expect to see better, stronger security solutions thanks to our experiences under Covid-19. Healthcare organisations will adopt stricter data security protocols and enhanced security cultures. New methods of working, policies, priorities and technologies will emerge under the new remote working and telehealth scenarios we have adopted. And data classification and security will continue as a priority concern post-pandemic, at every level of the healthcare ecosystem.

Cyber Resilience

‘Cyber Resilience’ has started to enter the mainstream, as healthcare’s focus turns from just securing the borders to making sure operations can bounce back after an attack, through cyber resilience practices that ensure that all network and systems data is protected and can be recovered rapidly in the event of a data breach.

In 2021 security vendors will be in a race to deliver next-generation tools and processes to safeguard hospitals, GP practices and associated patient healthcare organisations, taking patient data security a step further. Globally, cyber resilience frameworks will emerge as everyday strategies to address compromised data. The end goal will be to protect data, reduce or eliminate data breaches, and meet the growing list of regulatory compliance requirements under HIPAA, GDPR and new regulations like the CCPA in California.

Enhanced Edge Technologies and Security Solutions

Beyond PHI, PII and PCI, healthcare organisations will embrace new edge and remote technologies to implement more security practices that further safeguard the distributed workforce of the future. The rapid shift to more employees working remotely in 2020 is here to stay, and it has exposed the vulnerability of home network environments, which are often less secure and more exposed than corporate healthcare networks. This will continue to force healthcare providers to think beyond securing data only within the walls of the organisation’s network: classification metadata carried on files and emails lets data loss prevention (DLP), enterprise rights management (ERM), cloud access security broker (CASB) and next-generation firewall solutions act on that data across the entire remote network.

Changes to HIPAA Regulations to be Debated

Certain HIPAA safeguards were relaxed in 2020 but now that telehealth has become the norm, we must look to modify elements of this regulation in line with our new working normal. Regulators must consider the key learnings under Covid-19 that should be incorporated into existing privacy and security safeguards, ensuring an optimised, integrated and future-proofed data security solution going forwards.

HIPAA regulations cover everyone in the industry, from doctors, hospitals and private healthcare administrations to health insurance companies. This makes the guidelines essential for a wide range of healthcare providers and business leaders, and healthcare organisations must ensure they meet these exacting standards of security.

Luckily, data protection schemas exist that automatically identify and classify data sets, detecting PII, PHI, PCI and other sensitive sets of patient information. They also help establish and enforce a uniform system of classifications and markings for documents and emails, lowering the burden on front-line staff and delivering a solid foundation for a data governance strategy across the entire organisation.
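To make the automatic identification-and-marking idea concrete, here is an added example (not Titus product code, and not from the original article) of a small classifier that scans a message for PHI, PII and PCI indicators, resolves them to one uniform label, and stamps the result into email headers that DLP, ERM or CASB tooling can act on. The rule set, label names, `X-Classification` header names and sample values are all constructed assumptions for illustration.

```python
import re
# Hypothetical rule set (constructed for this example, not a product's ruleset):
# one labelled regex per kind of sensitive data the article names.
RULES = {
    "PHI": [("medical_record_number", re.compile(r"\bMRN[:#\s]*\d{6,10}\b", re.I)),
            ("diagnosis_code", re.compile(r"\bICD-?10[:\s]*[A-Z]\d{2}(?:\.\d{1,4})?\b", re.I))],
    "PII": [("us_ssn", re.compile(r"\b\d{3}-\d{2}-\d{4}\b")),
            ("date_of_birth", re.compile(r"\bDOB[:\s]*\d{2}/\d{2}/\d{4}\b", re.I))],
    "PCI": [("card_number", re.compile(r"\b(?:\d{4}[ -]?){3}\d{4}\b"))],
}
# Uniform marking scheme; the most sensitive category found wins.
PRECEDENCE = ["PHI", "PCI", "PII"]
LABELS = {"PHI": "Restricted - PHI", "PCI": "Restricted - PCI", "PII": "Confidential - PII"}

def luhn_ok(digits: str) -> bool:
    """Luhn checksum, so a random 16-digit string is not mislabelled as a card number."""
    total, parity = 0, len(digits) % 2
    for i, ch in enumerate(digits):
        d = int(ch)
        if i % 2 == parity:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def classify(text: str) -> dict:
    """Scan text; return the marking label plus which rules fired per category."""
    findings: dict = {}
    for category, rules in RULES.items():
        for name, pattern in rules:
            for match in pattern.finditer(text):
                if name == "card_number" and not luhn_ok(re.sub(r"\D", "", match.group())):
                    continue  # digits only look like a card; skip the false positive
                findings.setdefault(category, set()).add(name)
    label = next((LABELS[c] for c in PRECEDENCE if c in findings), "Internal")
    return {"label": label, "findings": findings}

def mark_email(headers: dict, body: str) -> dict:
    """Stamp the classification into headers so DLP, ERM or CASB rules can act on metadata."""
    result = classify(body)
    marked = dict(headers)
    marked["X-Classification"] = result["label"]
    marked["X-Classification-Findings"] = ";".join(sorted(f for s in result["findings"].values() for f in s))
    return marked

# Constructed sample message (fictional values) for a stand-alone run.
SAMPLE_BODY = ("Referral for patient MRN 00123456, DOB 04/12/1975, SSN 123-45-6789. "
               "Billing card on file: 4111 1111 1111 1111.")
if __name__ == "__main__":
    print(mark_email({"Subject": "Referral"}, SAMPLE_BODY))
```

In practice the rule set would be far richer and tuned per organisation; the point is that the label is computed once and travels with the message as metadata.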

Through a robust and integrated approach to data governance, healthcare can continue to meet HIPAA’s data regulations, reduce insider threat and instil confidence at every level of the organisation that combatting the rising tide of cyber criminality in 2021 is achievable.

For more information about HIPAA visit Titus’ website: https://titus.com/solutions/regulatory-compliance/hipaa