Compliance Healthcare

White House Releases Data Security Policy Principles for PMI Organizations

June 08, 2016

Healthcare initiatives that gather data are on the rise. Healthcare data breaches are on the rise. We are at a crucial moment in time for healthcare data.

With the high value of healthcare data, and large stores of electronic health records, healthcare organizations face a rising tide of constantly evolving threats across a highly complicated healthcare network and an increasingly mobile workforce contributing to a growing attack surface. The Ponemon report last month indicates that 90% of healthcare organizations experienced a data breach in the past 2 years with a cost of $6.2 billion in 2015 alone. The latest figures from ITRC indicate that healthcare data breaches continue to rise, up an additional 18% over 2015 figures.

The Precision Medicine Initiative (PMI) is one example of healthcare data gathering with the intent to support research initiatives that improve health and treat disease through precision medicine, an approach that tailors medicine to the individual, rather than the average. Data is at the heart of creating this individualized care. Genome sequences, microbiome composition, health history, lifestyle and many more forms of data will be added to health records, by healthcare providers and patients themselves. There are already 40 major commitments from the private sector, including electronic health record firms, to advance precision medicine.

As the PMI website notes, “Success will require that health data is portable, that it can be easily shared between providers, researchers, and most importantly, patients and research participants.” The PMI will create greater stores of healthcare data, with a focus on data mobility, in a time when healthcare organizations have a very poor record for protecting healthcare data.

Recognizing the need for greater data security, the White House recently released a final data policy framework for the security expectations of the new Precision Medicine Initiative, building on the National Institute of Standards and Technology (NIST) cybersecurity framework. The principles of the guide state that, at minimum, PMI organizations should:

The PMI policy framework includes details on how to achieve these principles through a data security policy framework based on the NIST Framework, including the need for a risk-based security plan, appropriate protection measures (access controls, awareness and training, basic data security precautions such as encryption and patching), adequate detection capabilities (visibility to audit events, but also continuous detection processes for network and endpoint), and response & recovery capabilities.

When data portability sits at the core of healthcare initiatives such as PMI, only Absolute can provide a persistent connection to all of the devices, and the data they contain, in order to secure endpoints, assess risk, and respond appropriately to security incidents. Absolute DDS for Healthcare provides valuable insight into all of your endpoints and the data they contain, so you can have accurate information on your fleet of devices, as well as the information they contain, with alerts for events and activities that could be precursors to a security incident. With Absolute DDS, you can help shine a light on dark data on the endpoint, helping you address the ever-prevalent insider threat, prevent or respond to data breaches, and prove compliance. Learn more at
