Healthcare Technology Featured Article

September 23, 2019

Security in the Age of Big Data

The volume of sensitive personal and medical data generated by healthcare facilities and organizations is growing exponentially and is forecasted to continue to do sofor decades to come. This staggering reality poses both an opportunity and a challenge for information managers, many of whom are just beginning to understand the potential of these massive data flows. As such,they are expanding their research and adopting tools to organize and guarantee the security of that information in the most effective and appropriate way.

The “what” and “how” of data security

The “what” of data security is simply defined. It refers to the protective measures taken to secure sensitive data and prevent its unauthorized access to computers, databases and websites. Data security also safeguards data against corruption. The “how” is much more complicated.The days of securing over-stuffed manila folders in locked file cabinets havesurrendered to the age of Big Data, where the volume of data being stored in a Cloud environment has ballooned.At the same time, the environment has provided cyber criminals with almost unlimited opportunities to access data for illegal gain.

In this new environment, data security requires that, in order to properly identify both the data and the sources that produce and handle it,it is

       Harsha Gummadavelli

critical to classify the data—its typology, origin, and structure—of what is being stored. Each organization and worker with access to the information—from the staffer who originally collected the information at the hospital or physician’s  office to the insurance company employee who inputs the data—must be committed to the process of maintaining the security of the data they handle, from initial compilation to its storage in the Cloud.

Standardization of data

Standardization of data, particularly of common terms such as simple state designations, would be an effective way to classify data from a variety of sources and, at the same time, ease authorized access. For example, references to the state of California in address data are currently shown, depending on the whim of the data collector, as Cal., Calif., and Ca. The ready retrieval of desired data would be eased significantly if an algorithm was implemented that would automatically reassign all of the aforementioned state designations to a single identifier, namely the authorized bi-alpha postal code for the state, CA.

Of equal and paramount importance is the correct classification and encryption of data, as they help avoid the inefficiency of taking a one size fits all approach to data security or committing the error of arbitrarily choosing what data is worth expending resources to secure.

The performance of regular audits and the implementation of granular access control mechanisms allows healthcare organizations tocreate a security context in which to apply specific solutions for the handling and storage of Big Data.

With a strong standardization, classification and encryption strategy in place, organizations will be able to better understand thedifference between regulated, internal-only, and public data. This insight intelligently elevates datarisks based on the impact of a breach.

Without them, as well as other effective data protection solutions, including data loss prevention and advancedthreat protection, effective security at all stages in the data process will be laid open to possible compromise by cyber thieves.

The Cloud environment

Doing that means bringing together a Cloud computing environment with the storage and processing capabilities of Big Data, which will require new appropriate security measures. Proper data standardization, classification and encryption will also help the creation of an attribute-based environment, which will result in more secure Big Data.

Once these measures have been folded into the process, it is equally important to make sure users are aware of data classification policies and to ensure they understand why a program is being put in place. An effective policy balances the confidentiality and privacy of employees and users against the integrity and availability of the data being protected.A policy that is too stringent can alienate staff and impede their ability to carry out their jobs. On the other hand, if it’s too lax, the very data the health organization, no matter the size, is trying to protect could be put at risk with its reputation and ability to function effectively put in serious jeopardy.

With the increasing volume of sensitive healthcare data a reality that cannot be ignored, the ability to track, classify and protect it is no longer a luxury. An effective data standardization, classification and encryption strategy form the foundation of modern security initiatives, allowing healthcare organizations from the smallest doctor’s office to the largest HMO to quickly identify which data is most valuable to the organization and ensure it is readily accessible and completely secure at all points along its entire life cycle.

About the Author: Harsha Gummadavelli is a Senior Architect at a leading cloud data management company, specializing in implementing data protection software for organizations across the globe. He has worked with a number of Fortune 500 companies and has garnered vast experience specifically working with healthcare clients to enhance their data protection programs. He can be reached at [email protected].

Edited by Maurice Nagle
Get stories like this delivered straight to your inbox. [Free eNews Subscription]
By Special Guest
Harsha Gummadavelli, Senior Architect ,


FREE eNewsletter

Click here to receive your targeted Healthcare Technology Community eNewsletter.
[Subscribe Now]