News

ClearDATA collaborates with Google Cloud to up security, compliance


Originally published July 25, 2018 by Thomas Dworetzky at dotmed.com


Texas-based ClearDATA has teamed up with the Google Cloud Platform (GCP) cloud hosting service to permit healthcare organizations to up their security and protection game. 

“Our partnership with Google Cloud gives those wanting to innovate on Google Cloud Platform the chance to do so in a secure and compliant environment without fear of compromising sensitive health data, ultimately increasing their opportunities to advance healthcare and improve patient outcomes,” said ClearDATA CEO Darin Brannan in a statement. 

Specifically, ClearDATA customers can skip the effort of manually creating settings and applying compliance regulations – and cut down on the likelihood of human error that could expose data in the process – by using ClearDATA Automated Safeguards for the Google Compute Engine. 

In IT terms this includes “hardened images based on CIS (computer information system) benchmarks, data backups using automated snapshots, storage volume encryption, intrusion prevention, and enabled logging and log backups,” explained the company. 

The move will let healthcare industry developers make use of the Google Kubernetes Engine – an open-source container system that permits the automation of deployment and scalability of applications on the cloud. 

This means that via the ClearDATA compliance dashboard, the use of Kubernetes both allows a container-tech approach to application management and enables a clear view of the state of compliance with a variety of healthcare standards including HIPAA, GxP (general good practices) and GDPR (General Data Protection Regulation). 

When the company announced the release of its Compliance Dashboard on AWS (Amazon cloud services) in February, it stressed its ability to simplify audits and improve compliance visibility, the company said at the time. 

The dashboard gives cloud users “continuous, at-a-glance transparency into compliance, with actionable insights on a user-friendly dashboard as they prepare for framework audits,” the company noted, adding that it is “mapped directly” to HIPAA and GDPR guidelines. 

"The ability to easily provision our C2 Compliance Dashboard via AWS Marketplace means healthcare and life sciences companies experience commitment to a culture of compliance, but outside of the ClearDATA managed services Business Associate Agreement, and can have a view into their overall, and specific, HIPAA compliance in minutes," said Matt Ferrari, chief technology officer, ClearDATA. 

This latest ClearDATA-Google move comes during a period in which healthcare organizations find themselves increasingly under attack from hackers. 

This was highlighted by a recent May Protenus Breach Barometer report that nearly 1.13 million patient records were hacked between January and March 2018. 

That breaks down to an average of at least one data breach each day out of 110 disclosed during the quarter. 

“Healthcare organizations have been doing their best to utilize existing tools to detect threats to patient data, but due to limited resources and the use of primitive legacy technology, only a small amount of breaches are actually detected,” Robert Lord, co-founder and president of Protenus, told HCB News. “On any given day, there are millions of accesses to patient data within a single hospital's EHR. Healthcare organizations simply don't have the resources to review all those accesses.” 

The single largest breach took place at a healthcare organization in Oklahoma, initiated by an unauthorized third-party that gained access to the health system’s network of stored billing information of 279,856 patients. 

More than 5.5 million patient records were breached in 2017, according to another report by Protenus. The number of records breached in 2016 was five times greater, however, totaling 27,314,647. This was largely due to numerous large-scale hacking incidents that occurred in the latter part of that year.