The importance of privacy, security, EHRs and APIs in post-acute care

December 5, 2022
Categories: Home health
Reading Time: 3 minutes

By: Brian Tolkkinen, Chief Security Officer, MatrixCare

The legal system has been described as a mirror for society in that it reflects its values. Where there are rapid advances in society, like with information technology, it can take a considerable amount of time to understand those issues and the related dangers. It then takes time for our legal systems to create adequate legislation and legal protections around the ways information can be collected and used.

In post-acute care, technology is evolving at a rapid pace. And as the legal systems work to keep up with these advancements, it’s important for organizations to understand the importance of four key areas — privacy, security, EHRs and APIs. In this blog, we discuss these areas and how they affect the important work you do.

The importance of privacy in post-acute care

Privacy is a complex topic, but from a high-level point of view, it involves the right to a private life and control over how sensitive information is exposed to others. Laws define these rights, determining how our personal information is collected, used, shared and processed. Data privacy laws in particular address a clear concern among U.S. consumers that the legal system hasn’t kept pace with technology advancement, which is why consumers have influenced the development of privacy legislation at the state level.

In California, for example, voters used the state’s ballot initiative system to force the enactment of a comprehensive privacy law — the first in the U.S. at that time. Five states have since enacted general privacy legislation, with four more considering similar laws. These general comprehensive privacy laws are broader than those that target a single industry (like HIPAA does for healthcare). We’re talking about robust laws that have far-reaching impacts and benefits for consumers.

This consumer pressure at the state level for stronger privacy laws has also increased pressure for broad privacy legislation at the federal level. From a business perspective, federal laws should make it easier and less costly to understand what it takes to be compliant versus navigating a patchwork of state laws. Many believe we could see a general privacy law at the federal level in the U.S. within the next few years, but it may take much longer than that.

It’s important for businesses to stay on top of these evolving complexities. For technology partners, it’s equally important to make sure our products and efforts to innovate stay compliant with ongoing laws. And it’s also important that we partner with other businesses that have similar values and are equipped to uphold consumer privacy rights.

The importance of security in post-acute care

Information security is one of those areas that intersects and overlaps with privacy. In fact, we think about it as being one integral aspect of our privacy program. For example, we can have contracts with our partners that limit how data is shared and used. Our objective is to prevent unauthorized access to data within our systems by putting technical, physical or administrative security safeguards in place — such as encryption on hard drives, guards and cameras at data centers, or policies to help employees understand when data should be de-identified.

Without the right security controls in place, privacy objectives can’t be achieved.

The importance of electronic health records (EHRs) in post-acute care

Businesses providing EHR or software services to healthcare providers are privileged to be entrusted with customers’ information and patient data. To be effective in our approach to data privacy and security, it must intersect with our ethics program as well, which defines how we conduct business with consideration to honesty, fairness, integrity and the genuine concern for the welfare of others.

It’s important for technology partners to view privacy and security obligations through this same ethical lens, to respect privacy as a right and to be thoughtful about handling delicate information.

The importance of application programming interfaces (APIs) in post-acute care

Privacy has become a complicated and challenging topic, especially with so many new ways that personal information can be collected and used. Cloud computing, for example, has enabled the development of more software and new businesses, given its lower cost and accessibility. As consumers, we’re interacting with these new applications and websites — all from mobile devices that we always keep with us.

Whether designed for consumer-to-business activity or business-to-business transactions, these websites and applications are accessed by our devices and workstations via interface points and APIs. The proliferation in the cloud of those exposed access points — that our mobile devices communicate with or through — creates more targets for malicious individuals who want unauthorized access to personal information. Businesses must protect these exposed interface points to maintain the trust of their users.
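To make the two safeguards above concrete (authorization on an exposed API interface point, and a policy that de-identifies data before it leaves the system), here is a small added example in Python. It is illustrative code written for this page, not MatrixCare's product code or API; the tokens, scopes, patient records and pseudonym key are all constructed sample values, and a real deployment would validate tokens against an identity provider rather than a local table.

```python
import hashlib
import hmac
from typing import Dict, Set

# --- Constructed sample data (assumptions for this example, not real data) ---

def _digest(token: str) -> str:
    """Bearer tokens are stored only as SHA-256 digests, so a copy of the
    token table does not hand out usable credentials."""
    return hashlib.sha256(token.encode("utf-8")).hexdigest()

# token digest -> granted scopes (constructed; a real system would call an
# OAuth/OIDC introspection endpoint here)
TOKEN_SCOPES: Dict[str, Set[str]] = {
    _digest("tok-clinician-001"): {"records:read", "phi:read"},
    _digest("tok-analytics-007"): {"records:read"},
    _digest("tok-billing-003"): {"billing:read"},
}

# constructed patient records
PATIENTS: Dict[str, Dict[str, str]] = {
    "p1": {"name": "Pat Example", "dob": "1950-01-01", "mrn": "MRN-0001",
           "phone": "555-0100", "diagnosis": "Z00.00",
           "visit_date": "2022-11-30"},
}

# Fields that directly identify a person; removed or pseudonymised for any
# caller that lacks PHI scope.
DIRECT_IDENTIFIERS = ("name", "dob", "mrn", "phone", "address")

# Per-deployment secret for keyed pseudonyms (constructed placeholder).
PSEUDONYM_KEY = b"constructed-demo-key-rotate-me"


class Unauthorized(Exception):
    """No valid credential was presented."""


class Forbidden(Exception):
    """Credential is valid but lacks the required scope."""


def authenticate(token: str) -> Set[str]:
    """Map a bearer token to its scopes, or reject it."""
    scopes = TOKEN_SCOPES.get(_digest(token))
    if scopes is None:
        raise Unauthorized("unknown or expired token")
    return scopes


def deidentify(record: Dict[str, str]) -> Dict[str, str]:
    """Strip direct identifiers and keep only analytic value.

    The MRN is replaced by a keyed HMAC pseudonym so the same patient can
    still be linked across records without exposing the MRN itself, and the
    full birth date is reduced to a birth year.
    """
    out = {k: v for k, v in record.items() if k not in DIRECT_IDENTIFIERS}
    out["pseudonym"] = hmac.new(
        PSEUDONYM_KEY, record["mrn"].encode("utf-8"), hashlib.sha256
    ).hexdigest()[:16]
    out["birth_year"] = record["dob"][:4]
    return out


def get_patient_record(token: str, patient_id: str) -> Dict[str, str]:
    """The exposed interface point: every request is authenticated, then
    authorized by scope, and the response shape depends on the scope."""
    scopes = authenticate(token)
    if "records:read" not in scopes:
        raise Forbidden("records:read scope required")
    record = PATIENTS.get(patient_id)
    if record is None:
        raise LookupError("no such patient")
    if "phi:read" in scopes:
        return dict(record)          # clinician: full record
    return deidentify(record)        # analytics: de-identified by policy


if __name__ == "__main__":
    print(get_patient_record("tok-clinician-001", "p1"))
    print(get_patient_record("tok-analytics-007", "p1"))
```

The design point is that de-identification is enforced at the interface, not left to the caller: a token without `phi:read` can never receive a name, MRN or phone number, and an unknown token is rejected before any record is looked up, so the API fails closed.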

Privacy is a complicated topic and is inextricably linked to security, EHRs and APIs. Organizations that strive to maintain compliance as well as the trust of those they serve must be mindful of the digital tools they choose and ensure that their partners’ values align with, and support, their own values and policies.

Schedule a demo with MatrixCare today to learn how our innovative technology is built with privacy and security top of mind.

This summary is provided for informational purposes only and is not intended to be, and should not be construed as legal advice. Each client should consult legal counsel of its own choosing.



Brian Tolkkinen, CISSP, CISA

In his role as Director, Information Security and CSO at MatrixCare, Brian is responsible for overseeing the security program. He facilitates teamwork across the organization to protect information assets while supporting innovation within the business. Responsibilities include security program development, governance, risk management, and compliance. Brian now reports directly to Todd Friedman, CISO at ResMed, and will continue a well-established working relationship with Todd and the Enterprise Security Team.

