This is the third post in a series on Trends in Healthcare by Darin Brannan. See the first post on the trend toward consumerism in healthcare here and the second post on mergers and acquisitions here.
This year we have seen a necessary surge of Healthcare IT start-ups with venture capitalist funding making a dash to the public clouds in efforts to speed their apps and solutions to a healthcare market that is suddenly evolving very quickly.
While the intention there is right and good, there is a risk if these young companies and their funders don’t seek third-party expertise in privacy, security and compliance. Luckily, many are running directly to ClearDATA, where we are getting them securely onto the cloud and keeping them that way from day one.
But here’s the problem – some aren’t coming to us early, and while these IT developers and founders may have keen consumer experiences and often really deep tech expertise, they are frequently unfamiliar with the healthcare ecosystem, most notably the heavily regulated requirements of healthcare. The ramifications of that regulation will be profound for their SaaS products, platforms and related services, as well as for the portfolios of the investors who believe in them.
Many have cloud expertise and see “HIPAA Eligible” services being released by the cloud providers, so they light up their workloads and pretty quickly put themselves and their investors at risk. They don’t understand what people, processes and technology need to be employed to take those HIPAA eligible building blocks and make them HIPAA compliant, or how to maintain that continuous compliance as their environment evolves. It’s more complicated than it may appear. Learn more about that here.
ClearDATA can support these companies from the beginning by ensuring HIPAA eligible services are configured to be compliant, conducting security risk assessments, and providing the assurances of our HITRUST certification when they partner with us. We are healthcare exclusive, so this complex market is our one and only focus.
To my venture capitalist peers, I was once a VC and know how exciting it is to see a smart young company ready to explode upon the scene with timely potential. It’s thrilling actually. But it’s smart to think privacy, security and compliance early, rather than getting caught up in what the app can do. We’ve been hired by some large investment funds to evaluate risk profiles early in this process and have allowed the investors the time to get gaps shored up rather than find the risks, or, worse, have a security incident that tanks the whole deal. The dollar investment in ClearDATA is smart, and marginal compared to the losses that can be levied in the event of a breach where protected health information (PHI) or personally identifiable information (PII) is compromised.
If the company you are funding is new to cloud and not yet migrated, conduct a Security Risk Assessment and find out where the gaps are before a hacker does. If you are funding a merger or acquisition or a more mature start-up organization that is already on the cloud, I’m excited to announce an extension of our ClearDATA Comply™ software that evaluates security and compliance vulnerabilities in existing cloud environments and exposes where potential vulnerabilities exist. This addition allows organizations already on the cloud to use Comply to gain an understanding of resources that are in and out of compliance via compliance scoring and customizable reporting. Once you understand the compliance posture of your environment, you can choose to enable Comply Automated Safeguards and Remediation to automatically remediate non-compliant actions, but it is not required if you just want a view into what the situation really is. You can learn more about this here in our recent press announcement.
All of us looking to modernize healthcare believe it’s a great thing that there’s a lot of innovation happening in healthcare, and it’s affecting more start-ups than ever before, creating some exciting promise for the future. But healthcare has a target on its back. More than 35 million patient records were breached last year, and the offending organizations are having to pay millions in fines, not to mention the disruption to business, the loss of reputation and the ethical burden of knowing the harm they did.
To venture capitalists, I say this: protect your investment. When you give that funding, give it with the assurance that you had someone highly qualified assess the risk landscape and threat matrix and made provisions to protect that company in a highly regulated landscape that has become the primary target of hackers across the globe. Then, lean in and help that business grow so we can all work together to make healthcare better, every single day.