AWS Marketplace

Streamline secure and compliant healthcare cloud adoption

As healthcare organizations embrace innovative cloud solutions, concerns around security, privacy, and compliance take center stage. Healthcare leaders face unique challenges in maintaining the integrity of patient data while adhering to stringent industry regulations. 

I recently led a webinar to explore how healthcare organizations are handling data security and compliance. Machinify Chief Information Officer David Levinger joined me, to share how his organization embraces cloud technology without compromising patient privacy or data security.

This post highlights key takeaways from Machinify’s compliance journey, the trends shaping the healthcare landscape, and excerpts from the Q&A session. You can view the Streamline secure and compliant healthcare cloud adoption webinar for the entire discussion.

Trends transforming the healthcare data security landscape

The adoption of cloud technology is fundamentally changing how healthcare data is collected, stored, and shared. It is also changing how the industry approaches data security and compliance. Listed next are key challenges and trends transforming today’s healthcare data security landscape:

  • The rising cost of compliance The average hospital devotes 59 full-time employees to compliance. As government regulations increase globally, healthcare organizations need to find new ways to optimize and scale their security operations.
  • Public cloud adoptionMore than 70 percent of healthcare organizations use multiple public clouds. The popularity of public clouds demonstrates that managed and hosted services are viable approaches for supporting growing security and compliance needs.
  • Electronic Health Record (EHR) targeting by cybercriminalsAlmost 90 percent of office-based physicians and nearly 100 percent of hospitals use EHRs, making them high-value targets for cybercriminals. In response, healthcare organizations are implementing Zero Trust security models, which offer additional layers of protection across hybrid and cloud environments.
  • Artificial intelligence (AI) and machine learning (ML) adoption – As these technologies play increasingly prominent roles across healthcare, the industry anticipates better tools being developed to improve data security and compliance at less cost. However, there is also a risk that AI will be used by cybercriminals to create new security risks.

Machinify uses ClearDATA to streamline HIPAA and HITRUST compliance

Machinify provides cloud-based AI software to automate the healthcare claims lifecycle. Its platform employs ML and data analytics to help people get the right medical care at the right time and price.

Machinify consumes large amounts of personal health information (PHI) to train its AI models and offer high-confidence predictions. For this reason alone, Machinify must comply with the Health Insurance Portability and Accountability Act (HIPAA) and pursue Health Information Trust Alliance (HITRUST) certification.

“For payers to feel comfortable sharing data with us, we had to answer exhaustive security questionnaires,” said David. “Some questionnaires contain more than 300 questions, making onboarding new customers extremely challenging and time-consuming.”

To address its compliance requirements and efficiently communicate its security capabilities to new customers, Machinify partnered with ClearDATA. ClearDATA offers healthcare-native cloud security posture management (CSPM) software that prevents, detects, and remediates compliance drift and sensitive data security gaps.

ClearDATA’s CyberHealth Platform runs in Machinify’s Amazon Web Services (AWS) account. The platform provides Machinify with a reputable HIPAA and HITRUST compliant environment and security services, including:

  • 24/7 managed detection and response.
  • Automated safeguards that check each action against specific controls and ensure deployment of properly configured services.
  • A cloud operations team that augments Machinify’s internal teams.
  • Clear segregation of duties that de-risks Machinify and its customers.

While David shared several benefits from his company’s partnership with ClearDATA, one that stands out for him is easier customer onboarding. “Because ClearDATA is HITRUST compliant, we can often bypass the cumbersome security questionnaires. This significantly reduces the time between initial engagement and the customer entrusting us with the data that allows us to deliver value”, he said.

Q&A

I asked David several follow-up questions about his presentation during our Q&A discussion.

Q: How do you balance the need to manage security within your organization versus working with a trusted partner like ClearDATA?

A: “I think it’s a false equivalency because very few organizations specialize in security. If you don’t specialize in it, you’re not better suited to solve it than companies whose entire purpose is security and compliance. Most large enterprises would never attempt to do complex security or compliance operations purely internally. They have internal security teams, certainly, but these teams work with external security partners. Working with parties that live and breathe security drives a perceived and actual increase in security for organizations and their customers.”

Q: How do you think about AI and the challenges regarding security, compliance, and patient care?

A: “Long before the recent uptick in excitement related to ChatGPT, we were figuring out how to use AI to improve the products we create. However, as most everyone knows, AI models will happily make things up. They will tell you things that are demonstrably false or, at the very least, misleading. As a result, there is concern that AI may not lead to better outcomes.

“To avoid this, we train our AI models on a lot of data, and that data is most likely PHI, which means security has to be top of mind. Also, we keep humans in the loop. If our automated processes can’t approve prior authorization with high confidence, a human reviewer steps in to make the final decision. These safeguards lead to people getting care faster, providers being correctly compensated for that care, and payers paying for the right treatment at the right price.”  

About AWS Marketplace and next steps

How can your organization address compliance and security in the cloud? AWS Marketplace has security solutions, like ClearDATA, to help healthcare organizations comply with their industry’s stringent regulations.

AWS Marketplace is a curated digital catalog that makes it easy for customers to find, buy, deploy, and manage third-party software, services, and data. It offers quick, easy, and secure deployment, flexible consumption and contract models, and streamlined procurement and billing operations. Over 330,000 organizations, large and small, use AWS Marketplace monthly to accelerate digital transformation and improve efficiencies across their enterprises. Research from Forrester estimates it takes half the time to find, buy, and deploy solutions through AWS Marketplace compared to other channels.

Visit Healthcare solutions and software in AWS Marketplace to learn more about the solutions available in AWS Marketplace.

View the Streamline secure and compliant healthcare cloud adoption webinar to learn more about the topics discussed in this post.

About the Author

michael-leonardMichael Leonard is the Global Healthcare Lead for the AWS Partner Organization. Michael develops healthcare independent software vendor (ISV) partnerships to help AWS partners grow their businesses and use AWS Marketplace and AWS Data Exchange as channels for customers to procure partner solutions. Prior to joining AWS, Michael held roles in business development, product management, and engineering at Commvault, Iron Mountain, Merge Healthcare, and GE Healthcare. He built and managed teams to develop healthcare solutions in the areas of medical imaging, EHRs, hybrid cloud storage, and data protection.