Executive corner

Two essential ways to make your practice data more secure

By David Slazyk


You have good reason to be concerned about the security of your practice’s data. The last three years saw 955 major security breaches in healthcare, leading to exposure or theft of more than 135 million healthcare records and affecting more than 41 percent of the U.S. population.1

For the foreseeable future, healthcare data will remain vulnerable to phishing, social engineering, ransomware attacks, email scams, and other dangers. Practices need to know what they can do to ensure their data is as safe as possible.

At NextGen Healthcare, we are committed to two important paths to enhancing the security of your data:

  1. Operating within a credible, comprehensive security framework, one that is verified by an independent third party
  2. Using the most advanced security controls available, as exemplified by our collaboration with Amazon Web Services

Ask an independent third party

Verification of a vendor’s security practices by an independent third party provides the best evidence that your data is protected to the fullest extent possible.

An independent third party:

  • Asks all the questions that you would want asked as well as additional questions
  • Vets vendor security standards
  • Views physical evidence to support a vendor’s security claims
  • Affirms the vendor is meeting all requirements to achieve certification
  • Confirms the vendor adheres to an established security framework

The bottom line: When it comes to security practices, don’t accept a vendor’s word. Seek confirmation from an independent third party.

NextGen Healthcare uses the Health Information Trust Alliance (HITRUST) framework, the most widely adopted security framework in the U.S. healthcare industry. This security framework ensures that we are meeting not only HIPAA regulations but also the standards of globally recognized security organizations, such as the International Organization for Standardization (ISO), the National Institute of Standards and Technology (NIST), the Payment Card Industry (PCI), and others. HITRUST takes the best from these standards and incorporates them into its own set of controls.

The team at NextGen Healthcare put in 19 months of day-in, day-out work to obtain HITRUST certification. NextGen Healthcare became HITRUST certified in December 2017. Certification lasts two years, whereupon we will seek renewal.

Up to the cloud

Your practice can off-load the task of data protection to NextGen Healthcare by taking advantage of our hosting services. We are now transitioning our hosting services from traditional data-center hosting facilities to the cloud, in collaboration with Amazon Web Services.

Moving to the cloud does not make security concerns go away. However, your risk is lower than with hosting services from a traditional facility. By collaborating with Amazon Web Services, we gain access to an environment and tools built to meet the requirements of the most security-sensitive organizations.

Now, the software infrastructure we offer provides much greater safety, resiliency, and redundancy. Amazon Web Services gives us a much broader set of tools for protecting data and responding to attacks. In the event of an attack against the system, the amount of downtime, lost data, and lost work effort will be significantly less, and recovery time will be much faster.

Our commitment

At NextGen Healthcare, two important paths we follow to make your practice data more secure are: (1) achieving meaningful certification from HITRUST and (2) obtaining the most secure possible software environment for hosting your data via Amazon Web Services. We continue to seek new ways to make your data safer. Data security is an ongoing commitment.

1 “Security Breaches in Healthcare in the Last Three Years.” HIPAA Journal, March 30, 2018. https://www.hipaajournal.com/security-breaches-in-healthcare-in-the-last-three-years/.

David Slazyk

Senior Vice President, IS & Data Privacy Risk Officer
