Last updated: 16 May 2016
When we think about industries and the significant challenges with handling PII and PCI, the ecosystem surrounding healthcare bears specific attention. In today’s world this medical ecosystem has undergone significant change based on the following criteria:
- Changes in What Constitutes Healthcare – the amount of healthcare options available to consumers has grown significantly – from traditional bricks and mortar healthcare providers (hospitals and clinics) to now also encompassing new service providers (telehealth, naturopaths, kinesiologists, etc.) and the creation of non-traditional healthcare, found in the alignment between drug store chains and community-based organizations to create Accountable Care Organizations (ACOs) to service communities and reduce healthcare inequities.
- Provision of Coverage – many governments have changed their level of support for individual health care. Citizens and employers are now starting to offer greater autonomy to their employees in order to determine specific coverage needs.
- “Bigger” Data – given the changes stated above, there now exists even more data – but the challenge is growing on how to manage PII and financial information while ensuring the raw data can be used to advance research.
According to a recent survey conducted by Premier and the eHealth Initiative, 95 percent of providers said that their ability to transmit data across care settings is limited by interoperability challenges. Exchanging data becomes even more challenging as healthcare providers work to extract granular information from disparate sources by expanding their IT with data warehouses.
Therefore, it makes sense that these healthcare organizations seek solutions that provide the following criteria:
- Support & Exchange Data Securely –providers must to be able to securely exchange data as it relates to care, whether it is patient data, payment records, medical history, claim history, treatment results. In countries such as the US or the European Union, the secure sharing of information between member states is critical.
- Support Healthcare as a Service – secure cloud (whether hosted by private or public medical network) becomes an increasingly advantageous method of sharing patient PCI/PII. Therefore, any solution selected needs to have the ability to scale to the cloud as needed. Once there, securing access as required based on the particular use case requires a solution that provides that flexibility.
- Enable Key Management To Support Encryption Use Cases – to ensure appropriate access to this vast array of data, providers require a solution that associates keys to the data repository – besides restricting access to data, interoperability with a variety of applications ensures the key manager acts as a gatekeeper to the data.
In addition to secure key policy and management, SafeNet KeySecure and Virtual KeySecure together with Crypto Pack encrypt structured or unstructured sensitive data, and provide access to leading key management interoperability protocol (KMIP) supporting appliances – all in one centralized platform. KeySecure with Crypto Pack is available as a FIPS-validated hardware or hardened virtual security appliance for cloud infrastructures.