HIMSS21 tech news: A cloud API data vault, a partnership for healthcare cybersecurity
Data privacy IT vendor Skyflow has launched Healthcare Data Privacy Vault, a "zero trust" data vault designed specifically for personal health information.
The new vault is delivered as a cloud API, allowing healthcare software teams to innovate more rapidly without worrying about patient privacy, data security, or HIPAA and other regulatory concerns, the company contended. The Healthcare Data Privacy Vault's customizable data schema supports the "HIPAA 18" – the 18 regulated data types specifically identified by the law – out of the box.
Building innovative healthcare software quickly is more important than ever, as patient expectations for digital solutions grow and patience with old-fashioned systems deteriorates, Skyflow observed. In addition, the COVID-19 pandemic has shown that well-designed and quickly deployed apps can play a key role in helping the healthcare system connect and communicate, and manage crises, it added.
Developers often have faced a difficult and time-consuming challenge when building these apps: how to handle highly sensitive and highly regulated healthcare data in an ever-changing regulatory environment. Developers had to either invest the time and effort into building their own DIY systems, or rely on a complex patchwork of point solutions, each of which solved only one facet of the problem, Skyflow said.
Inspired by Apple, Google and Netflix
Inspired by the data vaults built internally by companies like Apple, Google and Netflix that spend tens of millions of dollars on privacy, Skyflow has built a zero trust data vault that any health IT company can put into production in a few hours or days, the vendor contended. Development teams can build a Skyflow vault into their apps at the data layer.
The vault was specifically designed for healthcare data. Built into the customizable schema are the PHI privacy data types of the "HIPAA 18," including common healthcare data fields such as patient names, Social Security numbers, driver's license numbers, insurance details, medical record numbers and birth dates. In addition, the vault was created with health IT workflows in mind, with secure cloud functions and pre-built integrations to support the most common uses of health data.
The vault ensures data security with a polymorphic encryption approach – data is componentized and encrypted using different techniques. All sensitive data is isolated via a virtual private cloud, and a comprehensive, policy-based access control system ensures data is only used or shared as intended, Skyflow said.
The vault automatically tokenizes, anonymizes and/or redacts specific data based on rules set up by the security team. The API-first design ensures Skyflow can fit into any architecture, including legacy systems.
Skyflow is in HIMSS21 booth C300-30.
Nordic Consulting and Fortified Health Security partner
Nordic Consulting, a global health and technology consulting company, has partnered with Fortified Health Security, a healthcare cybersecurity company. The partnership is designed to enhance Nordic's expanding portfolio of solutions across key areas of strategic advisory, digital and cloud initiatives, implementation and support, and enterprise technology transformation.
"Cyberattacks on healthcare organizations are increasing in severity and frequency, with no end in sight," said Jeff Buss, CIO at Nordic. "Partnering with Fortified Health Security combines decades of collective healthcare expertise and a deep commitment to ensuring that organizations build and strengthen digital resilience.
"It is critical that our clients be prepared to take on cybersecurity challenges in order to protect their data, patients and communities," he added. "This partnership helps our clients accomplish this and much more."
The partnership aims to strike a balance between enabling business objectives and managing organizational security risk through technology-enabled services that address evolving cyberthreats across the healthcare landscape.
Through this relationship, Nordic will combine its expertise with Fortified's service delivery model to provide security advisory services as well as managed cybersecurity programs, threat intelligence and incident response services from its security operations center. These offerings align with Nordic's portfolio of health and technology solutions, helping clients drive system capabilities and operational efficiencies to successfully achieve their cybersecurity objectives, Nordic said.
Fortified Health Security is in HIMSS21 booth C354.
Twitter: @SiwickiHealthIT
Email the writer: bsiwicki@himss.org
Healthcare IT News is a HIMSS Media publication.
Gloss