Cures Act prompts healthcare orgs. to get prescriptive about security

Healthcare organizations are facing a crucial deadline to address network and API security requirements tied to the 21st Century Cures Act. Starting April 5, 2021, healthcare providers and payers must give patients easier access to their health data—and lock security standards in place to guard that data. Organizations that don’t comply by July 1st can face penalties.

Health data networks and APIs are vulnerable to violations and attacks. And deploying and maintaining a comprehensive security solution is a complex and resource-heavy operation.

The 21st Century Cures Act was created to help patients be fully informed in their health decisions and ultimately receive better care. By breaking healthcare data out of silos, it gives patients easy, electronic access to their health records, with the ability to download their information to an app via application programming interfaces (APIs). To make this happen, healthcare providers and payers must support interoperable and accessible health records from April 5, 2021 onward. And they need to provide this sensitive patient data while following strict security guidelines.

Most organizations are not prepared to deploy the required security protocols on their own and in the required timeline. As healthcare organizations open up their APIs and networks to other organizations and individuals, they’re also left vulnerable to attacks.

The Cures Act requires:

  • Health plans to provide APIs that let patients securely access their health information using third-party apps, and to provide a standard API that gives members access to the plan's provider pharmacy directory data and formularies.
  • Healthcare providers to use APIs to improve the usability of electronic healthcare records via third-party software for medical staff. With these APIs, physicians can easily access and search for patient health records.
  • Healthcare payers to provide health information to patients and third-party apps via APIs under the Patient Access API rule. Payers are also required to maintain and publish provider directory data through APIs.

All healthcare providers must meet these provisions by the deadline. But most don’t have the time or resources to deploy the Health Level Seven Fast Healthcare Interoperability Resources (HL7 FHIR) API security protections needed to create a secure environment for sharing patient health data within that timeline. As a result, F5 has been working with major healthcare providers to deploy comprehensive security solutions quickly.

By using a managed service that specializes in health data security compliance, providers can preserve their own resources and shift the burden to dedicated experts who can help mitigate attacks against applications and APIs.

F5 Silverline’s Managed Security Services (DDoS, WAF, and Bot Protection) can help organizations roll out a comprehensive, HIPAA-compliant solution on a short timeline with minimal effort. Healthcare providers gain full visibility into their systems and get around-the-clock access to experts and solutions that can detect and solve problems quickly and easily.

For more detailed information, download Securing Healthcare APIs for the 21st Century Cures Act