Security and Compliance of Healthcare Exchange Platforms

imagesLast week news and media outlets disclosed that hackers breached a test server earlier this summer.  This announcement has increased concern about the overall vulnerability of healthcare organizations. With the rise of healthcare exchanges, both private and ACA, it is important to address the issue of security and compliance to protect sensitive data. While individuals browse the exchange platforms, personal information such as names, Social Security numbers, and date of birth could be compromised. The security of personal health information (PHI) should be a key focus for a successful health care exchange.

According to a recent article in InformationWeek, ‘10 Ways to Strengthen Healthcare Security’, “As providers, payers, employees, patients, and partners become increasingly intertwined through shared data, transparency, and analytics, the opportunities for loss, error, or theft grow exponentially.” This is why the security and compliance measures of healthcare exchanges need to be taken seriously. A “one stop shopping experience” that many private healthcare exchanges boast, requires additional security measures.

Looking to join a private exchange? An important consideration for employers looking to transition to a private exchange might be the security features of that exchange. Certain questions employers might ask when evaluating private exchanges include:

What Technology Platform does the exchange operate on and is that platform susceptible to hackers?

Does the exchange’s data reside in “the cloud” or on a physically and technologically secure, proprietary data warehouse?

Does the exchange have programmers and IT engineers on staff to manage security or is it outsourced to a software technology vendor?

Does the exchange’s security measures comply with – and exceed – current federal and state guidelines for protecting PHI (as defined by HIPPA)?

What are the exchange’s security procedures if there is a security breach?

For more on healthcare security measures, please click here.