Why should your health startup give priority to privacy and data security?
As an entrepreneur, I saw companies grow with a laser focus on income and growth but not strict data privacy policies. Although this summer the Senate introduced legislation to protect consumer health data, some healthcare providers often urge back burners to create their own stringent privacy policies as the process is rigorous, time consuming and expensive. As the co-founder of two successful health technology companies, I know that data privacy and data security are priority for the best and most successful companies. When a digital health company is created, three critical decisions have to be taken to succeed.
- You must: decide to be certified by HITRUST and protect user data.
- Decide first of all to put users prior to monetization.
- Take the decision to base your claims on evidence and justify your research.
We know that consumers, particularly those of the millennia, want their health to be on their fingertips and take health choices such as retail decisions. Digital health companies fulfill this need to provide users with on-demand access to healthcare and wellness tools to improve fitness, to track health or to make virtual meetings with a physician. These companies handle highly sensitive data and therefore have to choose to be certified by HITRUST. HITRUST is an organization that enables companies to comply with regulatory regulations and standards such as HIPAA. As I can confirm, being certified as HITRUST is a rigorous process, which includes extensive documentation, employee training, in-persons vetings and audits, and the establishment (at least) of dozens of security procedures, but for a digital health company which seeks to protect the data of its users it makes a smart and careful decision.
In an era in which trusting technology with your personal information is becoming increasingly difficult, the burden of care fell on companies that produce these products to place the interests of their users first, before monetization and/or growth. It is their responsibility to supply the consumer with their desired products and to establish an ethical monetisation strategy that enables them to succeed. For instance, some firms have decided to sell user data to brands or organizations and are making considerable revenue. My company has decided not to do this from the start because we have decided that it would not be in our users ‘ best interests. It can be a slippery path for companies that don’t think about it from the start. Although you can play it quickly and easily in technology, you can’t do it in health care because it builds and upholds the trust of its users.
If you want to improve your behavior by helping someone become healthier or keeping their habits going, you must have evidence that your solution works. Digital health companies that wish to be credited for helping individuals change their lifestyles positively or have more healthy results must decide to build on evidence and invest in peer-reviewed research. There are numerous ways: your company can partner with external research organizations or build an internal clinical research team working on independent peer-reviewed research. Investors (and users or customers) must be aware that your product does what you say and that it is best validated by research. This feedback loop is also essential for improving products and developing new products.
At the end of the day, it is up to the company to ensure that the user first takes the privacy and security of data priority. Companies that prioritize Hitrust certification will take their users a step further and, most importantly, help the majority of people before monetization strategy or revenues and invest in clinical research based on evidence.
Ethical Hacking Key to Data Security
Corporate Data Security vs BYOD
The Critical Healthcare Data Security Services and Processes