The Synergy Between Security and Privacy

Data privacy, although often confused with data security, is a discrete sector in the data protection field drawing upon expertise in law, technology, and ethics. Where data security focuses on how we protect information, data privacy focuses on why we protect information as well as what we are doing with the information entrusted to us.

Data privacy professionals ensure compliance with legal and regulatory requirements, such as the Health Insurance Portability and Accountability Act (HIPAA), the California Consumer Privacy Act (CCPA), and the European Union’s General Data Protection Regulation (GDPR), and are critical stakeholders in protecting the confidential information of both the organization and our customers and members. Privacy professionals can help navigate decisions around what level of data access is appropriate and whether we are using data in a responsible way, and they often inform the direction of information security policies, including:

  • Data retention
  • Geographic data storage
  • Identity and access management
  • User onboarding and offboarding
  • Data classification
  • Acceptable use
  • Risk management

Technology professionals are likely familiar with the term DevSecOps, which is the integration of the development and security teams, incorporating security and scalability at the beginning of and consistently throughout the software development process. However, a less common term is PrivSec, or the collaboration between the privacy and security teams, integrating data protection and data use into all major business decisions. Here at HealthEdge, there is a strong partnership between the information security and privacy teams, and our programs are designed to ensure that both teams are engaged where their analysis is required. Some common programs that involve both teams are:

  • Vendor risk management
  • Incident response
  • Product change management
  • Data handling and governance
  • Employee data access from abroad

In addition to selling healthcare services, HealthEdge is also in the business of selling trust to its customers and end-users. Because we are custodians of highly sensitive data that could cause real-life harm to patients and members if misused or abused, the integration of PrivSec into business and technology operations is paramount for maintaining trust. By identifying risks to information and systems containing information, implementing security measures, and building processes for responsible handling of healthcare data, we can ensure that patient data is kept confidential and secure and that HealthEdge remains a trusted partner for our customers.