HIPAA compliance: The case for data virtualization and masking

By Ted Girard
07:52 AM

When you think of important information that should remain protected, health data usually comes to mind. Data breaches are occurring more frequently, and health care data has become a prime target for hackers. In fact, a U.S. Government Accountability Office (GAO) report earlier this year found that the number of data breaches involving information such as taxpayer data, census data, Social Security information and patient health information has more than doubled in recent years, strong evidence that federal agencies are struggling to keep individuals’ records private.

While government health organizations have made significant strides in securing their environments, many have not fully invested the time, money or resources to conduct a full Health Insurance Portability and Accountability Act (HIPAA) security risk assessment. As the new digital health landscape emerges, with more and more physicians, hospitals and health insurance companies moving their health records to electronic systems, now is the time to adopt a solid IT security framework that utilizes the latest data protection technologies.

Compliance challenges
The health care industry is very attuned to the heightened awareness and scrutiny related to security breaches and privacy protection, and the significant impact they have on patient trust and regulatory compliance. Today, data is being generated by patients, health records systems, consumer apps and medical devices at an exponential rate. As health technology advances and promotes the seamless exchange of this data across electronic platforms, the challenges around data access, security and reporting are growing, along with the associated risk, complexity and cost.

Data security is constantly evolving. As more sophisticated threats emerge and the number of regulations increases, it becomes even more difficult to secure and protect that data. The associated cost and pace of regulatory reform are proving unsustainable for many government agencies, especially in meeting new security standards and delivering the data needed to support compliance reporting. To compound matters, health care applications that contain sensitive data are moving to the cloud, making it more complicated to protect sensitive information.

Virtualizing, securing and complying
Government IT departments wrestling with growing volumes of health data are quite often relying on old approaches to data management. Copy data is extremely important to most organizations and is used for various purposes, including development, quality assurance, reporting, training and backup. As the size of data within applications and databases has grown, so too has the number of teams requesting copies. It is apparent that new health care reform measures have made it more difficult for agencies to effectively and efficiently manage massive amounts of data. 

Data virtualization is fast becoming a powerful and proven technology for improving data quality and agility, as well as meeting data security, governance and compliance requirements. Virtualizing data accelerates copy provisioning to a matter of minutes with far lower storage requirements (90 percent less infrastructure). When data virtualization is coupled with data masking (the process of creating a structurally similar but obscured version of the original data), protected copies can be provisioned at any point in time, providing “data on demand” without concerns that data will be lost, altered or duplicated.

Data virtualization along with agile data masking allows agencies to develop or upgrade mission-critical applications without interruptions, accelerating application development by up to 50 percent. No matter what format the data exists in or where it is located (on premises, in private clouds or in public cloud environments), virtual data masking ensures that sensitive information does not enter non-production systems.

HIPAA
HIPAA regulations impose major data-related security, reporting and auditing burdens on agencies of any size and mission.

At its core, regulatory compliance is about governing the data. To comply with HIPAA regulations and to enhance efforts to secure information, government health organizations should embrace the concept of virtualizing data environments.

Virtualizing data can turn the tide by automating many of the security and compliance-driven mandates and by reducing operational expenditures. That enables federal agencies to take back control over their data and streamline projects, freeing up budget to complete initiatives and drive innovation.