Protecting patient data today requires more than just a solid data governance policy. It requires business intelligence tools that make data security a prime concern, and implements strategies like extensible security. In this article, we will explore key privacy and security considerations in healthcare BI, and how they ultimately protect patient data.

The key types of patient data used in healthcare, and how they can also be used in BI contexts

Every time patients interact with your organization, they leave data behind. This falls into three broad categories:

• Actual medical data, such as diagnoses, case notes, lists of medications taken or prescribed, allergies and vulnerabilities. Though useful in a BI context for everything from market segmentation to demand prediction, this data is very personal and sensitive.
• Administrative data, such as appointments, waiting lists and interest in particular services. BI tools can often draw insights about both individuals and categories of patients from this data, but it is also considered to be confidential.
• Demographic data, such as name, address and contact details. This data can be useful in a BI context by grouping patients into age classes, physical locations or other factors to draw insights into their care and commercial behavior. Demographic data is not considered confidential in and of itself, but it can ‘leak’ confidential information, such as when an address is that of a dementia care home.

No matter what type of patient information your business intelligence tool makes use of, you need to be sure your data governance policy protects it adequately.

Using extensible security principles to minimize risks to patient data privacy and security

Extensible security policies are a key part of modern data governance, and are especially useful when attempting to limit risk when using business intelligence tools. Chief among these risks are record disclosure via cyber-attack, data breaches and employee negligence.

Extensible data Security (XDS) allows a tool’s developers to supplement traditional role-based security policies, further restricting access to sensitive patient records by applying filters. Such extra protection is vital in a BI context, where tools will access data on-premises, in the cloud and via hybrid approaches. Traditional measures protect user and data center endpoints, but do a poor job of protecting data used by and stored in cloud-native BI tools and processes.

Practical guidance for healthcare organizations to implement effective privacy and security measures

Many of our clients will be primarily concerned with compliance to all HIPAA standards here, using security techniques like encryption, access control and staff training. HIPAA (and alternative regulatory schemes like the GDPR) do not mandate specific security technologies or techniques. They focus on the end result – denying unauthorized access to the information and restricting it to authorized types of use.

Ensuring that your business intelligence tools are compliant with regulations is your responsibility. However, data governance does happen to be one of our specialties. We can help.

Emerging technologies and trends in healthcare BI to protect patient data

Healthcare data breaches through hacking and accidental exposure are still on the rise, as are ransomware attacks. Ponemon tells us that more and more of these attacks are coming through the IoT route. As the use of managed and/or hosted services increases, especially for BI tools, there is an ever-greater need for appropriate security policies.

If you would like advice or support in applying the latest extensible security principles to your BI functions, we can help with that too. 

Conclusion

SaaS and cloud-based business intelligence tools are more and more a part of the medical industry’s repertoire, but they make use of very confidential patient data. All too often this data is not protected as well in the hosted environment as it is in on-site storage. Extensible security and other principles must be applied in order to protect your patents from exposure, and to protect your organization from the consequences of non-compliance.