Patient privacy is vital in healthcare (no pun intended), yet delivering on this promise falls heavily on understaffed IT and security teams. Strict regulations carry heavy fines for compliance violations, while data breaches sever precious trust between patients and providers.
Making matters worse, limited resources strain to secure layered legacy systems full of sensitive data. Well-meaning clinicians shortcut security policies, jeopardizing protections for the sake of patient care and productivity. Meanwhile, adversaries relentlessly probe networks for any crack to exploit.
Despite these immense challenges, providers must lock down access and monitor data flows to meet ever-expanding privacy mandates. At the helm of it all are people like Dan Wagner, who specialize in helping healthcare organizations strengthen their compliance posture and patient trust.
Wagner comes from 66degrees, a niche consultancy exclusively focused on Google Cloud and Workspace platforms. With deep Google technical expertise forged from being born in the cloud in 2010 and helping organizations with Microsoft-to-Google migrations, 66degrees now helps healthcare organizations (along with retail and finance) safely progress their cloud modernization journeys.
We sat down with Wagner for a peek under the surface of healthcare compliance in all its complexity. Joined by Virtru’s Rob McDonald, the two dive deep into the current state of healthcare data security, the challenge of building patient trust, and winning strategies moving forward.
While no industry is bulletproof against cyber threats today, Wagner suggests healthcare often lags on security fundamentals. Factors like lean IT budgets, decentralized record-keeping, and lack of cloud expertise widen exposure.
“You’d be surprised how many organizations don't know how data is structured... or don’t have basic controls in place,” Wagner remarks. “That’s where you start untangling the rope.”
When looking at the healthcare industry in particular, Wagner sees deficiencies in identity and access management essentials like multi-factor authentication, yet these are foundational requirements for all other controls.
Having formerly worked for an optometrist as an optician, Wagner has experience in protecting patients’ information in the office, evolving the methods used to protect them, and forging trust first-hand. He’s carried this thread of empathy through his whole career, and now uses it to approach data privacy with a fresh perspective.
With regulations covering their bases legally, we asked Wagner whether healthcare organizations take the extra step to instill patient confidence through their security postures. Overall, the sentiment seems to be that the industry as a whole is making this shift.
“Not only do we care about your health, but we also care about who you are, from an identity perspective,” he explained.
Providing transparency into policies and protections ultimately nurtures trusting physician-patient relationships. Promoting visibility, encryption and governance showcases good data stewardship that regulations don’t address.
“There's so much more awareness today around data awareness, data visibility, data protection,” concurred McDonald. “These concepts - they just were not in the awareness sphere before, but today it is.”
Of course, each healthcare provider has unique needs, workflows, and systems reflecting their specialty. Wagner's edge comes from helping tailor controls rather than taking a one-size-fits-all approach.
He looks at how data should flow to care team members to best inform patient outcomes. With those human workflows mapped, he overlays the minimum controls to enable productivity without sacrificing HIPAA compliance.
“There's an old adage of saying you want to be the smartest person in the room. I don't believe that for my role,” said Wagner. “The smartest person in the room is the actual customer, because they're going to tell me what will make them successful. I'm only going to help them find their way to it.”
While the previous strategies shore up internal security, the toughest compliance challenges often emerge in data exchange with external healthcare entities. Wagner notes that conquering interoperability is crucial as the industry fixes its fragmented and siloed data landscape.
He pragmatically assesses each data-sharing avenue case by case based on risk levels. With a solid data classification program combined with purpose-built controls around email encryption, secure file transfer and access management, he stems uncontrolled data flows.
The end goal is frictionless security that lets physicians focus on medicine rather than getting bogged down by security tech.
Finally, we asked Dan to step back and forecast the trajectory for healthcare privacy programs. He expects continued modernization out of dated systems into cloud platforms for efficiency and security gains. He also says we’ve only scratched the surface of transformative technologies like AI, but that we need updated compliance models that account for automation.
While cyber threats and regulations will always be moving targets, he aims to give healthcare organizations a leg up in securing data. Patient wellbeing depends more and more on getting data protections right. By becoming trusted data stewards, healthcare providers can focus on their life-saving work rather than compliance fires.