When handling confidential patient information, maintaining a secure data environment must remain an utmost priority. That is because confidential patient records often include valuable information such as names, birthdays, addresses, social security numbers, and health records. Unfortunately, data security in the healthcare sector has proven to be a difficult responsibility to uphold. In 2020 alone, there were almost 600 data security breaches, which marked a significant increase from the year before due largely to the COVID-19 crisis (1). According to the HIPAA Journal, the average cost of a healthcare data breach in the United States in 2020 was $8.6 million, which reflects an average cost per compromised patient record of $146 (2).
In order to be an industry leader in EHR workflow optimization, our customers must be confident that their patient’s data will be guarded by the highest security standards available. That is why it has been immensely important for Juxly to achieve HITRUST Common Security Framework (CSF) Certification for our EMR workflow application Juxly Vault. The CSF Certification was developed by HITRUST to provide healthcare organizations with a “comprehensive, flexible, and efficient approach to regulatory compliance and risk management”; it has now become a benchmark for data security in the healthcare world. Those who receive this certification reap many benefits, including reduced audit costs, improved compliance diligence, and improved scalability of risk management.
Last month, we were thrilled to receive CSF Certification after several years of demonstrating that Juxly Vault operates on the most comprehensive and secure data framework possible. With this certification, we now join an elite group of healthcare companies that have had proven success in maintaining the confidentiality of their patient’s records. This gold standard of data security gives us a crucial advantage over our competitors in the EHR workflow space.
But you may ask, “how does an organization like Juxly achieve CSF Certification?” Well, the process was not easy, we can tell you that much.
HITRUST has bundled together with a variety of data protection regulations and standards in order to create a comprehensive data security framework. Some of these standards are sourced from places like the Health Insurance Portability and Accountability Act (HIPAA) and the National Institute of Standards and Technology (NIST). As healthcare technology, this framework is continuously updated and restructured.
Organizations that successfully adhere to the HITRUST framework are eligible to receive certification. HITRUST determines adherence via a series of security assessments that outline policies and protocols that must first be implemented. Once these are implemented, the organization must provide evidence from real customer environments. After this evidence has been submitted there is a 90-day probationary period, at the end of which the organization will be audited by a third party to ensure that the given policies and protocols are still in place. Some of the assessment categories included in this certification process are Endpoint Protection, Third Party Assurance, and Risk Management.
One important element of our data security protocol that helped us secure this certification has been the transition from server-based services to Kubernetes. Kubernetes is an open-source container-orchestration system developed by Google. With Kubernetes, Juxly Vault is able to perform rolling updates without creating any downtime for our customers. This has allowed us to keep our data secure as we scale upwards.
Moreover, Juxly’s sensitivity to confidential information does not stop at Vault; our organization has long exhibited a strong sense of data security across all of our operating procedures. For example, we monitor all company computers through a Mobile Device Management (MDM) service, which has proved to be especially important as we’ve pivoted to a remote work environment during COVID-19. This MDM service is used in conjunction with a cloud-based password service that allows us to keep our remote employees secure both domestically and internationally. Furthermore, with the help of a recurring series of cyber training sessions, our employees have cultivated a culture of informational privacy. Now, identifying phishing attacks is a common competition among our teams.
These tools and tactics have been instrumental in ensuring that our company operates at the highest level of security throughout every vertical; our CSF Certification is now evidence of that fact.
By the Juxly Internal Security Team
- Vaidya, Anuja. “Report: Healthcare Data Breaches Spiked 55% in 2020.” MedCity News, 17 Feb. 2021, medcitynews.com/2021/02/report-healthcare-data-breaches-spiked-55-in-2020/#:~:text=There%20were%20nearly%20600%20healthcare,breach%20increased%20by%20about%2010%25.
- “Fact Sheet Direct Contracting Model: Professional and Global Options Medicaid Managed Care Organization (MCO)-Based Direct Contracting Entity (DCE) Fact Sheet.” CMS, 17 Dec. 2020, www.cms.gov/newsroom/fact-sheets/direct-contracting-model-professional-and-global-options-medicaid-managed-care-organization-mco.