Why You Must Emphasize Data Security at Your Sleep Center

Prioritizing data confidentiality, availability, and integrity allows EnsoData to support sleep centers securely and effectively

Guest blog post by: Wayne Saxe, VP Solutions Architecture, ClearDATA

ClearDATA is committed to simplifying the lives of business professionals and organizations by making data more secure and confidential in the cloud. Partnering with organizations such as EnsoData, our commitment to healthcare IT security has been unwavering. Our focus is to be the trusted partner in protecting healthcare data in the cloud utilizing proprietary technology to help businesses operationalize their privacy and security programs. 

User Level Data Security Concerns in Sleep Medicine 

The field of sleep carries with it unique data security and confidentiality concerns above and beyond what typically applies to standard datasets. First, the polysomnography test collects over 100 million data points, and prior to digitized viewing systems, one test could span more than 800 pages of text. With the help of artificial intelligence (AI) and machine learning (ML) algorithms, companies like EnsoData can identify more correlations than ever before between this data and the patient’s overall health.  Sleep data is the subject of many research projects, including the relationship to Brain Age and the possibility of identifying other comorbidities, like Alzheimer’s disease. Going beyond the future-facing possibilities, sleep data is making an immense impact right now and the sensitive data must be protected 24/7.  Per the Kaiser Health Network (KHN), data collection for sleeping consumers is on the rise. For example, Google announced new options for users to capture sleep data using their smartphone camera. At the end of the day, data is being generated in massive quantities in the field of sleep, so data security must be a top priority for sleep centers and sleep device companies alike. With that in mind, let’s identify a few data security topics that might impact sleep centers around the U.S. and globally.

Data Confidentiality: Security Controls for Sleep Centers 

To ensure all customer data is stored confidentially, ClearDATA supports the EnsoData team with a bevy of procedures. Maintaining confidentiality for data, code, systems, and networks can help organizations avoid immense negative consequences. Accordingly, when the EnsoData team first engaged in the ClearDATA Healthcare Security & Compliance Platform, data confidentiality was one of their top priorities.  Some of the steps we are taking together to highlight data confidentiality include cloud architecture guidance, advanced network and security design, 24/7 security monitoring and more. The visual below gives a deeper dive into our focus on data security for the core product EnsoSleep.  As you can see, there are a dozen focuses for EnsoData in the world of data confidentiality. From commonly understood and standardized options like two factor authentication to more complicated elements like cryptographic hashing of checksum data, it’s important to be cognizant of every potential vulnerability. 

Developing Security Controls for Data Integrity and Availability  

As with data confidentiality, security controls are built to maintain data and system integrity. This includes uplink and downlink checksum controls, software distribution controls, highlighted by secure distribution mechanisms and code-signature verification, and intrusion detection controls, specifically OSSEC logging and monitoring. Similarly, data availability is important, as algorithms need access to data to improve over time with machine learning principles. To make sure sensitive information isn’t vulnerable to bad actors, security controls are crucial. Security controls include firewalls, antivirus scanning, and database control options like backups, authentication, and data encryption. 

Why Is this Important for Sleep Data Management? 

As the healthcare industry continues to progress and become more digitized, AI and ML algorithms will require access to massive databases with information on hundreds of thousands of patients, which means data needed for an algorithm is next to standard PHI (protected health information). Unfortunately, in a data breach, it is possible for hackers to gain access to this classified information. According to a recent survey conducted by the National Cyber Security Alliance (NCSA), of 1,000+ small- and medium-sized businesses, 28% experienced a reportable data breach within the past 12 months. And as you can see in the graphic below, those breaches have severe consequences. 

Sleep Centers Are Vulnerable with the Data They Possess

Sleep centers are no exception to potential data breaches. The EnsoData team shared an anecdote with us about a small private lab that fell victim to a ransomware attack. The breach resulted in the lab temporarily losing all their sleep data. Luckily, the EnsoData team was able to support the lab with a backed up version of the sleep data that was lost. The recovery negated the need for dozens of repeat sleep studies for the lab’s patients, saving the lab the time and hassle of rescheduling all the appointments.  Fortunately, this sleep lab avoided major repercussions from the cyberattack, but it was absolutely an eye-opening moment for their team. Since the breach, the aforementioned organization enacted stricter data security protocols and they’re working hard to avoid a similar issue down the road. So, what are some of the steps they’ve taken to protect their sleep center and what can you learn from their situation? To protect your business, make sure you’re doing a few important things.

1. Educate your staff regularly with security training
2. Test your team with phishing training and assimilated attacks
3. Prioritize data-conscious software and hardware providers
4. Back-up your data daily and in multiple secure locations

Simple steps can help your team keep your patient data secure. 

An Emphasis on Data Security Will Make an Impact

As more and more data is used on a daily basis in sleep medicine and in all fields of healthcare, data security will continue to be imperative. And as devices and platforms become more interoperable, data security must be top of mind for growing health tech organizations. That is why we’re proud to have been an integral part of EnsoData’s data security plan since August 2019, helping them achieve their goal of maintaining high quality data security throughout the sleep scoring process. Since we started working with EnsoData, they’ve doubled the monthly volume of data, and we’ve built a strong plan for continued scalability. To dive into the EnsoData team’s interoperability series, you can check out the three blog posts in the series here: 

1. What is Healthcare Interoperability?
2. 6 Reasons We Must Embrace Healthcare Interoperability
3. How to Improve Data Interoperability

And if you’d like to read more on security in the cloud, try one of these ClearDATA blog posts:

• Ransomware in Healthcare: Improve Your Detection and Prevention
• How Engineering Teams Benefit from Compliance, Security, and Privacy Management with ClearDATA 
• Increased Access to PHI Doesn’t Mean Privacy & Security Have to Be Compromised