Article | November 6, 2019

Data Integrity: Ensuring Your Data Is Trustworthy

By Steven Weil, Point B

Resellers Don’t Buy From Vendors They Don’t Trust

Healthcare organizations prioritize data confidentiality. Here are some ways to ensure the trustworthiness of your data.

Healthcare organizations are swimming in data. Patient records contain highly personal information such as clinical notes, health summaries and diagnoses, test results, family health histories, and other sensitive information. But how can you be sure your data is accurate and reliable? How do organizations ensure and maintain data trustworthiness? Through data integrity.

Data integrity is the process of maintaining accurate, reliable and consistent data over its entire life cycle. In healthcare, data integrity primarily means ensuring and maintaining the accuracy of a patient’s personal health details.

Many organizations are focused on protecting the confidentiality of their data rather than its integrity. While data confidentiality in healthcare is certainly important, organizations should also regularly define and document how data flows into, around and out of their networks. Additionally, healthcare organizations should perform regular risk assessments of their data in order to focus their resources and controls on maintaining the integrity of their high-risk data.

More specifically, the following controls can help ensure that data is accurate, reliable and trustworthy:

  • Use role-based access control to limit access to data per the principles of “need to know” and least possible privilege.
  • Require strong authentication to access sensitive data.
  • Perform detailed logging of all access to and changes made to sensitive data.
  • Implement file integrity monitoring software to detect when changes are made to sensitive data.
  • Whenever possible, store sensitive data strongly encrypted or in read only mode.
  • Implement well defined and regularly tested data backup and recovery procedures.

Ensuring The Accuracy Of Third-Party Data

Managing data received from third-party vendors - health insurance companies, medical-equipment suppliers, imaging centers, marketing companies, data-management companies and others – presents numerous challenges for healthcare organizations. Most organizations won’t be able to know, with 100 percent certainty, that third party data is accurate and reliable. However, there are several processes and controls that can be implemented so that an organization can have high certainty in the accuracy and reliability of third-party data including:

  • Examine how third parties collect the provided data and the data source(s).
  • Check third party references and reputation (e.g. data from a well-established organization is likely more trustworthy than data from a little-known company).
  • Identify and define specifications and key attributes for third party data.
  • Verify data received from third parties against the above specifications and attributes (i.e. input validation).

A Word About Blockchain

With all the buzz about blockchain technology, it’s worth paying attention to. Blockchain is designed to maintain data integrity, with blockchains becoming increasingly useful and able to support common business processes.

Blockchain technology is already demonstrating some promising solutions in healthcare, with advances being made to more safely and efficiently share data and better identify healthcare stakeholders in a more secure manner.

It’s difficult to be completely certain about data integrity, but there are many controls and processes that, if properly implemented and managed, can make data trustworthy enough. It’s difficult to eliminate all risk to data integrity; most organizations should not expect to be able to do so. Instead, healthcare organizations should focus on implementing controls and processes that reduce the risk to the integrity of their data to an acceptable level.

About The Author

Steven Weil is information security director at Point B, an integrated management consulting, venture investment, and real estate development firm. Over the past 20 years, he has provided a wide variety of cybersecurity services to hospitals, universities, state government agencies, cities and large companies throughout the United States.