Thanks for the extensive and prompt reply, appreciated, helps me a lot to understand.
I have a couple more questions in light of recent security breaches not only with health data but with data in general (read Equifax):
What sort of emerging trends and challenges exist around health data security and breaches?
How is BurstIQ seeking to address these concerns?
Sure, that's what we're here for. Equifax is a biggie, especially considering the number of profiles they manage and how much data they have on each person. Breaches are definitely a big problem in the healthcare industry - healthcare systems in particular are a big target for hackers because they have so much sensitive data and EMRs and patient portals have a lot of vulnerabilities. Historically, healthcare data was stolen for personal identity theft - a medical record can be worth as much as $1,000 on the black market. However, we are seeing a shift from identity theft to ransomware, where hackers are locking up entire systems of health data and extracting millions of dollars in order to restore access.
As more and more data is incorporated into the healthcare system and as access points (such as patient portals) become more widespread, the pace of these incidents will accelerate. The Health Care Industry Cybersecurity Task Force, established by the Department of Health and Human Services, indicated in their report to Congress that the healthcare industry isnt prepared for this cyber onslaught. Most health systems focus on establishing traditional perimeter security solutions (e.g., firewalls). However, the mandate to enable people to access their data via patient portals creates security gaps that hackers can easily exploit.
Our teams 65+ years of experience building secure networks and cybersecurity solutions for the U.S. Military and other government agencies provides us with a skill set that few others in the health IT industry can match. Rather than developing the platform and then addressing security after the fact, the BurstIQ platform was built from the ground up with security in mind. Security features are embedded into each data element and into the core platform architecture, which means security isnt solely dependent on perimeter solutions and application-level security features. Because ownership rules are built into each data element, someone who is not an owner (or is explicitly permissioned by a Consent Contract) is simply unable to view the data. In addition, the platforms decentralized design keeps data constantly in motion, increasing resistance to single-node and multi-node cyber attacks.