It’s time to stop playing defense with patient data. The advent of easy-to-implement GRC services brings the industry into the 21st century

As the healthcare industry is increasingly targeted by external threats aiming to monetize the theft of personal health data, information security has emerged as a top priority for the C-Suite. Not only are patient safety and privacy at risk; so is patient care. The healthcare industry as a whole must stop driving with its eyes closed, take control of the wheel, and create cultures of governance, risk, and compliance (GRC) within its organizations. The trust of its patients is at stake.

As of August 2018, 229 data breaches affecting 6.1 million individuals had been submitted to the U.S. Department of Health and Human Services Office for Civil Rights’ breach portal, dating back to the start of the year. The breached organizations have more to think about than simply upgrading their data security and reparations to victims. They must consider the long-term effects of what a breach means for public perception of their brands. According to a recent report from the American Journal of Managed Care, hospitals spend 64% more annually on advertising over the two years following a breach. As the researchers noted in the report, “Advertising costs subsequent to a breach are another cost to the healthcare system that could be avoided with better data security.”

There are several essential benefits of GRC tools in the healthcare space.

Protecting patient data

First and foremost is the safeguarding of patient data. September 2018 saw the largest healthcare data breach of the year, when more than 2.65 million Atrium Health patients’ data was breached for a week-long period. The provider’s billing vendor was the source of the attack, highlighting the risks companies can take on when they partner with third parties. As a result of the breach, hackers could view records that included names, addresses, birth dates, insurance policy details and more.

Sensitive medical information wasn’t always at extreme risk of breach. Back in the days of pen and paper, records were kept under lock and key—and that was enough to protect information. As technology advanced, various platforms entered the scene to digitize medical records, make processes more efficient, and save providers time. Unfortunately, the risk of leaks to unauthorized viewers became a sad side effect of the amazing efficiencies digitized records created. GRC software is a necessary complement to such technology. With this new tool, healthcare risk managers can not only maintain visibility across the organization in the event of a breach, but also define protocols, design risk processes, and mitigate IT threats.


Maintain compliance with healthcare regulations

Along with the protection of patient data come the regulations that healthcare organizations must comply with. HIPAA, anyone? As federal, state and local regulations increase, GRC programs can manage compliance with easy-to-use workflows created for efficiency. Some tools even have templates for easy-to-create compliance workflows.

This way, healthcare risk managers can easily deploy regulatory business processes across an organization and each item can be completed by the internal stakeholder.

Allow hospitals to focus on patient care–not IT security

As healthcare hackers become more sophisticated, the responsibility weighing on the shoulders of healthcare risk managers becomes ever greater. It’s not easy taking on the protection and encryption of the data of an entire organization, its patients, and its vendors. Even with so much to plan for and so many processes to complete, this can’t take priority over the ultimate mission of healthcare organizations: patient care.

This difficult job can be made easier by implementing a GRC program to reduce errors, improve training, and introduce more accountability into risk-management operations. Automation is a major factor in the efficiencies that GRC tools create. With the help of the software, predefined rules help to reduce human error, and built-in, automatic reminders and notifications for signoffs and other tasks keep each team member accountable. That way, those who interface with any part of the patient experience don’t have to worry about the minutiae of compliance and risk mitigation.


It’s no secret that patient care is paramount for all healthcare organizations. However, healthcare is a business, and all aspects of compliance contribute to business success, including safeguarding patient data and staff following policies and procedures. With advanced technology, this doesn’t have to mean a plethora of old school spreadsheets. Agile GRC tools and services are the easiest.

Matt Kunkel is the co-founder and CEO of LogicGate
