Two of our biggest talking points in the healthcare IT space, cybersecurity and accessibility, come together in an interesting conflict. Increasing accessibility has been a big goal in healthcare in order to make the lives of our patients and our providers much easier. Having ready access to patient data makes patients feel more secure in their care, as they can see the information for themselves, and eases the burden on providers, as they can pull up the information they need much more quickly. However, health data is a valuable target for cybercriminals and is often the focus of our cybersecurity efforts. So, how do we continue our efforts to increase accessibility without leaving that data vulnerable to cyberattacks?
We reached out to our brilliant Healthcare IT Today Community for insight on this matter, asking them: how can healthcare providers balance the need for data accessibility with ensuring patient data privacy and compliance with regulations like HIPAA? Below are their answers.
Sandra Johnson, SVP, Client Services at CliniComp
Data accessibility and privacy don’t need to be at odds when security is architected into the foundation of the EHR system rather than layered on after the fact. A fully integrated solution is designed with built-in safeguards that protect patient data without impeding clinician workflows. This supports secure, role-based access to ensure the right data is available to the right users at the right time, without compromise. By eliminating the complexity of third-party integrations and fragmented modules, you can reduce the surface area for risk and simplify compliance with regulations. The result is a system that empowers clinicians with seamless access while giving organizations confidence in their security posture.
Murray Brozinsky, Partner at Aegis Ventures
Healthcare providers must rethink data access and privacy as dual imperatives for innovation and trust. I think the future will see systems built with secure interoperability, where clinicians, researchers – and increasingly patients – have tailored, role-based access to exactly the data they need, without compromising confidentiality. Privacy-preserving data enclaves and granular opt-in consent mechanisms (versus blanket consent) will enable sharing for care or research while honoring patient preferences. Federated learning and anonymized AI models will let care teams use predictive algorithms on population health data, personalizing interventions without risking patient identity. Seamless integration of privacy and access will strengthen trust and compliance even as digital transformation accelerates.
Jitin Asnaani, Chief Product Officer at Rhapsody
Data accessibility, patient privacy, and HIPAA are not mutually exclusive. In fact, the right systems meet all of these goals. Providers need systems that move data securely, supported by governance, auditability, and role-based access controls. The ‘P’ in HIPAA isn’t for privacy; it’s for portability. Patient care depends on the right providers having the right information at the right time. A solid digital health foundation is both interoperable and secure, with data securely flowing across platforms. For instance, Rhapsody EMPI helps healthcare systems link patient records across institutions while limiting unnecessary exposure of sensitive information. HIPAA guidance itself isn’t fixed; it shifts as care technology evolves and government regulators see new needs, especially post-Change Healthcare hack. The real challenge is ensuring interoperability and privacy advance together, treating both as core requirements rather than tradeoffs.
Lani Dornfeld, Member in the Healthcare Practice Group at Brach Eichler
To efficiently and effectively manage the business of healthcare, providers must create systems to ensure that providers and office staff have readily available access to IT systems that house patient information. This is critical for operational tasks, including scheduling, providing and billing for patient care, and the numerous other tasks involved in conducting a healthcare business. However, providers and office staff cannot have free rein to access IT systems and use patient information in any way they see fit, since HIPAA requires that guardrails be put into place to protect the confidentiality, integrity, and availability of electronic patient information, called ‘protected health information.’
In my experience as a healthcare attorney, the balance between ensuring ready access to patient information and the systems that house such information and ensuring compliance with HIPAA and other laws governing the privacy and security of such information is achievable only with a solid and well-functioning privacy and security compliance program. This includes properly educated and experienced privacy and security officials, written policies and procedures, and frequent provider and staff training.
Stephen Vaccaro, President at HHAeXchange
Balancing data accessibility with privacy and compliance is critical in home- and community-based services (HCBS), where patient safety and operational efficiency depend on the seamless flow of accurate information. Timely, accessible data enables providers to coordinate with partners, payers, caregivers, and clients to help bridge gaps in care. However, accessibility must be role-specific, allowing caregivers to access essential patient details for quality care while limiting other stakeholders to oversight-relevant data. This minimizes unnecessary exposure to protected health information.
Centralized, HIPAA-compliant platforms play an important role by securely integrating care records, visit verifications, and patient updates. Technology used in home care should be reinforced with features like multi-factor authentication, audit logs, and encryption to ensure compliance without compromising efficiency. Also, embedding capabilities like Electronic Visit Verification (EVV) can streamline mandated reporting while meeting federal and state standards. Pairing these tools with secure API integrations creates a strong approach to safeguard patient privacy while facilitating real-time data-driven decisions that support the delivery of personalized, high-quality care.
Sharat Potharaju, Co-Founder and CEO at Uniqode
Healthcare providers can balance data accessibility with patient privacy by implementing secure QR Code technology that creates streamlined pathways for managing health data without compromising security compliance. The layering of conventional security measures and complex authentication systems creates friction and workflow disruptions that impede physicians. However, HIPAA-compliant QR Codes can create secure digital workflows that increase efficiency and improve the patient experience.
Christine Lee, Head of Health Strategy & Partnerships at AnalyticsIQ
Healthcare providers are increasingly recognizing that patient care extends far beyond the clinical record. By integrating internal data with multi-sourced claims, social determinants of health (SDOH), and consumer insights, organizations can establish a de-identified foundation that delivers a true 360-degree view of each patient. This enriched perspective helps support value-based care, strategic planning, and more personalized engagement initiatives across the enterprise.
Of course, protecting patient trust must remain central. That’s why forward-thinking providers are applying multiple layers of privacy-preserving technologies (PETs) to safeguard both PHI and consumer identifiers. This balance of accessibility and compliance empowers organizations to responsibly unlock deeper insights, capturing the socioeconomic, lifestyle, and behavioral context that influences health outcomes, while ensuring privacy and regulatory obligations are upheld.
Karin Hayes, Senior Vice President, Analytics Products and Services at OptimizeRx
Given today’s emphasis on convenience, patients now seek easier, privacy-safe access to their health records, while regulators demand tighter controls on how that data is used. In turn, bridging the gap between those two expectations has become one of healthcare’s biggest balancing acts. Healthcare organizations are tasked with providing clinicians with the real-time insights they need for better outcomes and empowering patients with transparency, all while meeting increasingly restrictive privacy requirements. Compliance frameworks like HIPAA set the guardrails, but true progress goes beyond checking boxes.
The real opportunity lies in building systems that make privacy and convenience collaborate rather than compete. That means designing workflows and technologies that ensure the right clinicians and patients have the right information at the right time, without creating new barriers to care. By embedding privacy into every layer of data management, healthcare organizations can deliver better outcomes, safer care, and strengthen the foundation of the patient-provider relationship.
Ben Tercha, Chief Operating Officer at Omega Systems
Healthcare leaders often view data accessibility and data security as a teeter-totter; when one side goes up, the other risks tipping down. But this is not an either-or scenario. With organizations struggling to keep patients safe in the face of growing security concerns and increasing HIPAA standards, it’s essential that they find an equilibrium by deploying secure, modern technologies like identity access management, advanced encryption, and managed network connectivity that allow data to flow where it’s needed while keeping it protected. The healthcare providers that succeed will be those that stop treating accessibility and security as competing forces and rather engineer them to work together.
Yair Cohen, Co-Founder and VP Product at Sentra
The proposed HIPAA Security Rule updates mark a critical transformation point for healthcare cybersecurity. Compliance is no longer about avoiding fines; it’s about creating resilient, secure systems that protect patients and maintain trust. For the first time in more than two decades, the Department of Health and Human Services (HHS) is proposing sweeping updates to the HIPAA Security Rule. These long-overdue changes aim to align healthcare security practices with today’s threat environment and will significantly reshape how organizations approach data protection and cybersecurity. For security teams, the new rules mean that data governance must become proactive, that automation is no longer a nice-to-have, and risk accountability needs to be measurable and, above all, continuous. Let’s have a closer look at some of the key changes to the HIPAA rules and what they mean for security teams.
One of the most significant changes to the proposal is the elimination of ‘addressable’ implementation specifications. Under the new rules, every safety feature, from encryption to incident response, must be fully implemented, documented, and enforced.
This means security teams can no longer rely on risk-based justifications for limited or incomplete implementation. Governance frameworks must now ensure every specification is operational and auditable, meaning security leaders should prioritize the development of policy engines and compliance automation tools that enforce safeguards across all digital infrastructure.
Jennifer Ide, Chief Administrative Officer at Rimidi
Timely access to patient data is essential to delivering high-quality, proactive care, especially in areas like remote patient monitoring (RPM) and chronic care management (CCM), where the goal is to facilitate early interventions that can significantly improve outcomes and reduce costs. However, maintaining this accessibility must go hand-in-hand with ensuring patient data privacy and compliance with regulations like HIPAA.
The key is to implement role-based, context-aware access so that the right data reaches the right individuals at the right time. When patient-generated health data is seamlessly integrated into EHR workflows, it strengthens data security and minimizes risks. The approach has the added benefit of supporting better care coordination and reducing inefficiencies by saving clinicians time they would have spent searching through fragmented systems. This strategy leverages integration to help providers adhere to the highest standards of privacy and compliance so they can confidently deliver exceptional care.
Krista Bowman, Managing Director, Head of Healthcare and Life Science at Further
Balancing data accessibility and privacy requires adopting a tiered approach to managing regulatory compliance and cyber privacy and security. Combining technical safeguards (e.g., role-based access, encryption, and de-identification) with administrative policies such as dynamic patient consent and regular risk assessments can be effective. Leveraging AI-powered technology to enable real-time monitoring and automated compliance checks can also help healthcare providers efficiently identify and address potential HIPAA violations. AI enhances risk detection by analyzing access patterns, flagging anomalies, and validating adherence to regulatory requirements. Although AI applications themselves require strict security safeguards, when managed effectively, they can also be used to power high-quality care delivery while safeguarding patient confidentiality and ensuring regulatory compliance.
What wonderful insights! A huge thank you to everyone who took the time out of their day to submit a quote to us! And thank you to all of you for taking the time out of your day to read this article! We could not do this without all of your support.
How do you think healthcare providers can balance the need for data accessibility with ensuring patient data privacy and compliance with regulations like HIPAA? Let us know over on social media, we’d love to hear from all of you!