Compliant. Secure. Dependable.

Transcription

1 NAVIFY Cloud Security with the NAVIFY Tumor Board solution Compliant. Secure. Dependable. Trust that your oncology patients healthcare information stays protected.

2 In the era of precision medicine, you can keep patient data secure and accessible to the right specialists. Security breaches are on the rise In 2017, huge data breaches in systems such as Indiana Medicaid (1.1 million enrolled patients) and Molina Healthcare (4.8 million patient records compromised) continue to affect the integrity of healthcare systems and expose major vulnerabilities in their security protocols. 1,2 HIPAA privacy and security breaches are on the rise, costing the U.S. healthcare industry an estimated One recent survey found that nearly one-third of patients would change caregivers if their protected healthcare information was breached. 1

3 The NAVIFY Tumor Board solution is built to keep healthcare data safe Healthcare organizations face many unique challenges when it comes to their technology, which is why adopting purpose-built cloud-based solutions is becoming an industry-wide best practice. Cloud deployment allows access to expansive resources and expertise, is flexible enough to scale or integrate with other hospitals systems, and most importantly, runs regular, fully-tested system safety checks for protection against the latest cybersecurity threats. Roche built the NAVIFY Tumor Board solution from the ground up to be deployed and hosted in the cloud, partnering with industry leader ClearDATA to ensure protected health information (PHI) remains secure. The NAVIFY Tumor Board solution is built around safeguarding all the different kinds of sensitive data being entered into it, including patient data from EMRs, imaging data from PACS, laboratory results, etc.

4 Delivering best practices securing data in the cloud When moving computer systems and data to the cloud, security becomes shared between the software and the cloud service provider. This shared model can reduce operational burden and assure data is only accessible by authorized users. 4 As the diagram below shows, ClearDATA provides a managed service to host the NAVIFY Tumor Board solution on the Amazon Web Services (AWS) infrastructure. AWS takes responsibility for securing the underlying infrastructure that supports the cloud, and the actual physical hardware needed to do so. ClearDATA then controls what gets deployed into the infrastructure, audits who accesses the infrastructure, and monitors what is happening in the infrastructure. The multi-tier authentication established by its cloud service providers help the NAVIFY Tumor Board solution add layers of protection on top of the traditional username and password. THREE LEVELS OF CLOUD-BASED SECURITY TO PROTECT PATIENT DATA The NAVIFY Tumor Board solution: Application Patient Data ClearDATA: Operating System Network & Firewall Configuration Encryption AWS: Compute & Storage Global Networking Services On-site Surveillance

5 Certified and dependable cloud partners Amazon Web Services (AWS) serves several of the world s largest healthcare companies with their cloud infrastructure. Roche chose to partner with AWS to leverage their experience with meeting security and privacy requirements that help safely manage PHI in the cloud. In addition, Roche has also partnered with ClearDATA, who builds their capabilities on top of AWS. More than 350,000 healthcare professionals trust ClearDATA to protect their patient data and power the back end of their critical applications. 5 ClearDATA is certifi ed by the Health Information Trust Alliance (HITRUST) 6 to be fl exible and efficient enough to rationalize the industry s mandatory regulations and standards within its security framework. And its ISO certification 6 can help assure that any changing security needs in the future are managed on an ongoing basis in a holistic, comprehensive manner. ROBUST CERTIFICATION Certification/ Compliance Infrastructure (ClearDATA) The NAVIFY Tumor Board solution (Roche) HIPAA HITRUST 2018* ISO * *Estimated.

6 Why the cloud over on-premise systems? While some IT healthcare professionals worry that the cloud is not as secure as on-premise IT resources and servers, investigations into the highest-profile and most costly data breaches have found that the entry points existed within on-premise company firewalls, rather than at cloud infrastructure points. 7 Cloud platforms not only undergo rigorous penetration testing and allow for a more rapid response to security issues, but also offer various operational advantages that help healthcare IT systems run more smoothly. Systems built using cloud services can support rapid development and innovation to help prepare IT systems for growth and the future needs of care teams. 8 For example, the ability to share healthcare information between care specialists easily and securely is crucial for optimal care, and cloud services are good enablers of streamlined communication. Unlike on-premise systems, the cloud offers users remote access to applications and data at anytime from anywhere, introducing global collaboration possibilities for multidisciplinary teams. HEALTHCARE DATA IN THE CLOUD Over 75% of surveyed healthcare organizations either have their PHI data in the cloud, or anticipate migrating to the cloud in the near future. 9

7 Moving to the cloud provides more expansive resources for collaboration to help improve outcomes, and protects against the latest, everevolving threats of a data breach.

8 To learn more, visit us at NAVIFY.com/tumorboard. References 1. Javelin Strategy and Research. Avoidable Collateral Damage from Corporate Data Breaches: Assessing the Effects of Data Breach Remediation on Financial Institutions, Healthcare Providers, and Merchants. images.chaptermanager.com/chapters/6c046b1c e72-8ca01ebbaf7c/files/javelin-avoidable-collateraldamage-from-corporate-data-breaches pdf. Published April Accessed August 15, HealthcareITNews. The biggest healthcare breaches of 2017 (so far). biggest-healthcare-breaches-2017-so-far?page=19. Accessed August 15, Ponemon Institute LLC. Sixth Annual Benchmark Study on Privacy & Security of Healthcare Data. idexpertscorp.com/acton/attachment/6200/f-04aa/1/-/-/-/-/resources%20-%20sixth%20annual%20benchmark%20 Study%20on%20Privacy%20and%20Security%20of%20Healthcare%20Data%20.pdf?cm_mmc=Act-On%20Software- _- -_-id%20experts%20download%20-%20sixth%20annual%20benchmark%20study%20on%20privacy%20 %26%20Security%20of%20Healthcare%20Data-_-Download%20Now&sid=TV2:9jSw7ddN2. Published May Accessed August 15, AWS Security Best Practices whitepaper. Practices.pdf. Published August Accessed August 15, Data on file. ClearDATA Web site homepage. Accessed August 15, ClearDATA. Amazon Web Services Partner Network Web site: PartnerDetail?Name=ClearDATA. Accessed August 25, Where is your data safer? In the cloud or on premise? InfoSec Institute Website. where-is-your-data-safer-in-the-cloud-or-on-premise/#gref. Published October 11, Accessed September 1, Cloud Standards Customer Council. Impact of Cloud Computing on Healthcare. Version deliverables/cscc-impact-of-cloud-computing-on-healthcare.pdf. Published February Accessed August 15, Level 3 Communications. The Cloud Evolution in Healthcare: HIMSS Analytics Survey Sheds Light on Where We ve Been, Where We Stand--And Where We re Headed. Produced in partnership with HIMSS Media, media/files/ebooks/en_cloud_eb_healthcare.pdf. Accessed August 15, Diagnostics Information Solutions (DIS) Roche Molecular Systems, Inc Shoreway Road, Suite 300 Belmont, CA NAVIFY.com/tumorboard 2017 Roche Molecular Systems, Inc.