MyHealthEData and Cavirin


This last week, the US Centers for Medicare & Medicaid Services (CMS) announced MyHealthEData, a federal initiative that for the first time will provide patients with full and secure control over their healthcare data, no longer locking it to a single healthcare system or provider.

When announcing the program, CMS Administrator Verma related an experience where her husband was in the hospital for a week due to heart failure. Upon discharge, Verma asked for her husband’s records, and was presented with a CD-ROM, itself incomplete. This brought up memories of my wife’s experience in Taos where she came down with a bad case of pneumonia and upon discharge was presented with a large folder containing X-Rays. Very useful. Verma then went on to question the $30 billion spent to date by the US government on EHR implementation, and whether the patient experience has improved.

Key stakeholders in MyHealthEData include the White House, the NHS, the VA, and the NIH. The intent is to completely revamp the way patients interact with the healthcare system, making them the center of control and permitting them to better compare providers based on cost and capabilities. Other impacts of greater data sharing should be better diagnosis and less duplication of care, outcomes that will hopefully drive down the cost and raise the quality of care for everyone.

Note that the data ‘ownership’ aspect of MyHealthEData is much like the intent of GDPR within the EU, placing people and privacy first. It reflects a growing trend given the pervasiveness of personal data hosted across the Internet and especially within healthcare. And paralleling the EU, we’ll see the rise of the Data Protection Officer (DPO) within US enterprises and other organizations, a role integral to privacy.

But with portability come additional requirements for security. No longer confined to the network of a single provider, records will be ‘borderless,’ accessible by almost every healthcare provider and across multiple devices including smartphones. To encourage security, MyHealthEData will leverage the Merit-based Incentive Payment System (MIPS), which includes penalties for security breaches. This is where Cavirin can help.

With data spread across a much larger and interconnected threat surface, there are many more chances for a breach, both intentional and unintentional. The workload and cloud account protection provided by Cavirin will be even more critical, and since security is a function of its weakest link, the ease of implementation and automation we provide will permit the adoption of best practices by anyone within the healthcare value chain.

Cavirin as a company is not new to healthcare, with customer use cases spanning the OS hardening of servers used in medical device manufacturing, HIPAA compliance on-premises and within AWS, including the application of the AWS HIPAA Quickstart, and use of our open APIs to connect to other security platforms within a genomic research environment. We also have multiple deployments within the largest dental benefits provider in the United States. Learn more at


© 2019 Cavirin Systems, Inc. All rights reserved.