ClearDATA is the market leader for healthcare cloud computing and information security services for providers, life sciences, payers and healthcare technology organizations. By enabling their customers to automate, protect, and securely manage healthcare applications, data, and IT infrastructure in the cloud, ClearDATA empowers the industry to focus on making healthcare better by improving healthcare delivery.

As a technology company working with sensitive healthcare data, ClearDATA understands the importance of privacy. “ClearDATA was founded to help with patient care,” said Jonathan Slaughter, Director of Compliance, Security and Privacy at ClearDATA. “Privacy matters to us because we’re talking about real people and their healthcare, it is more than just numbers and data.”

Sharing is caring: Prioritizing patient care and privacy

Misdiagnosis is the third leading cause of death in the United States (behind cancer and heart disease.) “Many providers want to use emerging technologies to improve outcomes, and while some are innovating in the most interesting and effective ways,” said Slaughter, “some are still clinging to what they know and continue to believe – that data in silos is the best practice. This couldn’t be further from the truth because it’s not the most secure and it’s not collaborative, and therefore, not leading to the best insights to improve patient care. Data can be lifesaving if data is shared securely.”

ClearDATA approached their privacy program with an objective around protecting privacy, and overall protecting the personhood of the individuals getting patient care. They had to decide how to balance delivering state-of-the-art technology to their customers, while managing it in a way that is compliant, efficient and optimized.

Long before GDPR went into effect, ClearDATA had begun preparing for the outcome of the regulation and looked to cloud and other emerging technologies to address the issues inherent with mapping data across global locations. As customer growth scaled globally, they had inquiries about data privacy requirements not just from customers in Europe, but also other locations around the world including Asia, Africa and Latin America.

“What separated OneTrust from others was we had seen a lot of different services and providers that offered the legal expertise, but they were legal people first and technology individuals second,” said Slaughter. “When we found OneTrust we saw that the legal experts and developers play an integral part in the development process, and we can also manage the environment.”

Collaborating lifesaving information across the globe 

ClearDATA leveraged OneTrust’s Data Mapping Automation and PIA & DPIA Automation for global privacy compliance efforts.

Using OneTrust’s Assessment Automation capabilities, ClearDATA built a breach plan to simulate a data breach, including how they would process, document and keep a single record storage. They have also streamlined their vendor risk management process by aligning the assessments they send out as part of their vendor risk protocol. “The user experience with Assessment Automation and the way it’s ingrained to automate our vendor assessments is one of the key things that impressed us about the tool.” said Slaughter.

To learn how ClearDATA implemented OneTrust to power third-party risk management, read the Vendorpedia case study. 

With Data Mapping as a requirement not only for HIPAA and the GDPR, but other global regulations such as Japan’s Act on the Protection of Personal Information (APPI), ClearDATA needed to implement an automated process. “Collaboration made possible with OneTrust means we can enable provider and caregiver teams from across the globe to work together to tackle life threatening illness, like collaborating on how best to treat a cancer diagnosis, in ways not previously possible,” said Slaughter. “With OneTrust Data Mapping we are able to make sure we have an understanding of the requirements that need to be in place to make this collaboration possible.

“The flexibility of the OneTrust tool allows us to use it in so many different ways, really opening up the door for us to grow along with it as our processes and global regulations evolve and change,” said Slaughter.

Digging deeper to continued improvement of healthcare collaboration

As ClearDATA looks to the rest of 2019 and beyond, they are excited to enhance their use of the OneTrust modules, specifically Data Mapping. With a strong customer base in the Asia Pacific region, and many privacy laws being developed and implemented very quickly in those countries, ClearDATA is planning to dig deeper into OneTrust Data Mapping to ensure they are accurately mapping customer’s data on a global scale.

ClearDATA is also keeping a close eye on amendments to the California Consumer Privacy Act (CCPA) to ensure they are prepared when the regulation goes into effect. Additionally, ClearDATA is prioritizing that they have the support in place to be compliant with global privacy regulations as a controller of their employee’s personal data.

“OneTrust allows us to have the agility to scale rapidly and optimize the way we use the technology,” said Slaughter. “We were able to use the solution right out of the box to meet our needs, something that is very unique and really showcases the flexibility of the tool.”

To learn how ClearDATA implemented OneTrust to power third-party risk management, read the Vendorpedia case study.