Cleveland Clinic focuses on PHI security and compliance with ClearDATA and AWS.
Cleveland Clinic is a nonprofit multi-specialty academic medical center that integrates clinical and hospital care with research and education. Founded in 1921, the clinic handles 5.1 million patient visits per year, and employs 3,000+ physicians and scientists. It is consistently ranked as one of the leading healthcare providers in the nation. In fact, U.S. News & World Report ranks Cleveland Clinic as one of America’s Top Five Hospitals.
Multiple Sclerosis Performance Test (MSPT)
Nearly two decades ago, Larry Ruvo, the vice president and general manager of Southern Wine and Spirits of Nevada and well known philanthropist, set out to create a medical facility to honor his father, Lou, who suffered from Alzheimer’s Disease. Part of the Cleveland Clinic, the Lou Ruvo Center for Brain Health opened on May 21, 2010 in Las Vegas, Nevada as a national resource for the most current research and scientific treatment of Alzheimer’s Disease, Parkinson’s Disease, Huntington’s Disease, and Multiple Sclerosis.
“We are at the crossroads of transitioning from volume-based to value-based healthcare.” says William Morris, hospitalist and associate chief information officer at the Cleveland Clinic. “The Healthy Brain Initiative is just one way we’re adding value by helping people learn more about what it takes to avoid or minimize the risks of developing debilitating brain diseases.”
As part of the MSPT, Cleveland Clinic wanted to establish its own research by gathering information directly from the patients themselves by developing the “Healthy Brains” app. This mobile app would track physical exercise, nutrition, sleep, social interaction, and other factors that contribute to brain health. This type of app offers great potential to collect multivariate data efficiently. But because it can be accessed from different locations and devices, it also presents significant PHI security and compliance challenges. These are the types of challenges ClearDATA excels at solving.
Scott Whyte, Advisor and Former Chief Strategy Officer at ClearDATA, added: “Cleveland Clinic built the MSPT application using Amazon Web Services (AWS) and its suite of services. AWS provides a great environment for experimentation. It’s not hard to set up coding instances without huge capital expenditures to get things started quickly, find out what works, and either abandon or build on it. But before it could be released, they needed to have additional levels of PHI security, Business Associate Agreements (BAA) and legal arrangements that would meet the very stringent requirements of the Cleveland Clinic. In addition to AWS, we also know healthcare, because that’s all we do.”
When the Cleveland Clinic came to ClearDATA with a demanding list of security, privacy and compliance requirements for their application. ClearDATA was able to map those AWS services to those requirements and build a solution that Cleveland Clinic’s needs.
Whyte added: “One of the key AWS services that we use is CloudTrail. It allows us to monitor and have logs for all the activity across the environment. And then analyze those to understand who has had access, when and where. We can then combine those logs for auditing, to be sure all access is the intended access.”
Security & Compliance is Key
One barrier to moving quickly in healthcare is security. One of the best ways to address those barriers is through certifications. HITRUST is considered the gold standard of healthcare data security certification.
ClearDATA is HITRUST certified. This appealed greatly to Cleveland Clinic and helped accelerate approval of the project.
“We are all about driving the best quality at the lowest cost and putting patients first,” Morris concluded. “We want to focus on what we do best, which is taking care of patients.” Morris says. “What we should not be doing is recreating the wheel on our own when it comes to technology, security, and privacy. That’s where AWS and ClearDATA help.”