Our team at Harmony Healthcare IT is committed to supporting transformation in healthcare, especially in the area of securely archiving legacy health data. We look forward to NHIT Week (October 8-12, 2018), a period dedicated to raising national awareness of the benefits information and technology can bring to the U.S. health system, and everything it means to be a part of “Catalyzing Change” in 2018 and beyond.

As stewards of the ever-growing volumes of health data that must be retained for up to 25 years or more, health IT teams are faced with many issues, including the best practices for retaining and protecting legacy data throughout its entire lifecycle. Privacy and security issues are especially magnified during times of system replacement, or any time that legacy data is on the move. When migrating personally identifiable information (PII) from one database to another, privacy and security are critical.

Because of the critical role data archiving vendors play in migrating and retaining patient or employee data from your inventory of legacy systems into a single storage place, vetting their commitment to security protocols and standards should be a top priority. We support healthcare transformation by creating and sharing robust tools and checklists to better equip our industry partners. For this reason, we’ve developed:

10 privacy and security questions to ask your future data archiving partner to make sure your data is safe

1. Do you have a full-time Privacy and Security Officer and/or Compliance Officer on staff? With so much at stake, it is appropriate to expect and verify that a senior-level resource is dedicated to managing security and privacy 100% of the time.

2. Will all of your data (ePHI & PII) be stored within a Tier III or higher data center? The classification of the data center is pertinent to data security but also to ensuring the product will operate at the up-time levels a healthcare provider requires.

3. Have you committed to security excellence by obtaining a HITRUST or other CSF Certification? This sort of credentialing is voluntary and can be indicative of the vendor's priorities when it comes to data security. Ask if they’ve taken the time and resources to achieve this level of certification.

4. Have you made a formal commitment to employee security training and awareness? Ensuring protection against the latest threats to your healthcare data is a moving target. Ask how their workforce maintains its HIPAA knowledge base and stays ahead of the curve.

5. What is your process to maintain privacy and security policies and procedures? Their policies and procedures should be reviewed and updated routinely in order to keep up with the changes in policy and risk management best practices.

6. Will our data be fully secure while in transit and at rest? With lots of data to manage, it is critical to protect it at every stage. Ask about their security framework for this process.

7. What are your data validation standards to ensure we meet data retention requirements? It is important to ask how your archiving partner will plan and execute the creation of your data archive. Data integrity is in the details.

8. Do you offer features like Single Sign-On or admin control over security of user permissions? Features that let you refine how you monitor user access further enhance the overall security of your data archive.

9. Does your archive solution contain robust audit solutions like FairWarning® to monitor initial and ongoing access? Push beyond the general assurances and ask about how data will be tracked at each stage of user access. Can they send their audit logs, automatically, to one integrated audit product?

10. Do you carry adequate Cyber Security Insurance to protect all parties involved? As stewards of your data, a good data archiving vendor will be prepared to cover you and themselves in the event of a breach.

As healthcare continues to be one of the most sought-after industries for cyber security crimes, we all need to be on guard and doing everything we can to ensure the data is secure and that every link in the chain is solid. We do this during National Health IT Week each year, and every week in between.

Harmony Healthcare IT is a FairWarning Ready Healthcare Data Archiving Partner. FairWarning® is a registered trademark of FairWarning, Inc.