Managing the Data Security of the National Kidney Registry

October 23, 2017

When your organization handles sensitive information for thousands of patients, cybersecurity is always a leading concern. This is especially true for the National Kidney Registry (NKR), a New York-based nonprofit organization that matches kidney donors and recipients.

Like other healthcare organizations, NKR has to meet very high security and compliance standards pertaining to how it stores, manages and shares confidential patient data. Healthcare was the fifth leading targeted industry in 2016 in terms of the number of records breached, according to a new IBM report. In all, more than 16 million patient records were stolen from healthcare organizations and related parties last year. To better defend and equip itself, NKR relies on Rackspace for around-the-clock support, management and security services, along with email hosting.

2,300+ Kidney Matches Made

Since 2007, NKR has been matching patients in need of a kidney transplant with donors. Patients come into the program with incompatible paired donors; NKR matches a patient’s incompatible donor with another patient, creating a series of life-saving matches. (Approximately one-third of potential donors cannot donate a kidney to their desired friend or family member because of an antibody or blood type incompatibility.) To date, the registry has facilitated more than 2,300 kidney transplants.

The process of working with donors, patients and medical facilities across the U.S. means NKR handles an enormous amount of sensitive data. This includes a wide variety of medical, financial and personal information.  

NKR started small, with a single server housed in its Babylon, New York, office. As NKR grew, however, it realized it needed a secure, scalable and supported infrastructure to ensure its long-term success. In July 2012, NKR made the first step forward, moving its email from local storage over to Rackspace.

Soon after that, NKR decided to enlist Rackspace as a trusted technology partner, so it could focus on its core business, not managing IT matters such as data security. Rackspace started to handle NKR’s data infrastructure needs and keep its sensitive patient and other data private and secure. Organizations like NKR have to comply with a variety of state and federal regulations, such as the Health Insurance Portability and Accountability Act (HIPAA) of 1996, pertaining to the security of Americans’ personal health information.

“As our needs grew to protect personal health information, the first place we looked was Rackspace,” as Joe Sinacore, director of education and development at NKR, explained in this video.

The backend database and the website are connected to Rackspace IT infrastructure. The entire Rackspace solution, including the server, networking and storage, is HIPAA-compliant. This “allows us to manage the security of the data, to protect it, and to measure potential outside threats from hackers,” said Sinacore.

Jaret Chiles, then-director of solution architecture and now a leader in professional services at Rackspace, explained that NKR deals with a tremendous amount of patient data and it’s very important to clients, HIPAA compliance officers, hospitals and governing bodies that the data stays secure. “Because NKR is partnering with Rackspace, we’re able to provide them the baseline security services they need,” said Chiles.

Today, Rackspace provides a managed hosting solution for NKR, so it has a stable infrastructure and can focus on its core mission. Rackspace also offers support for NKR’s systems and back-office capabilities. And Rackspace Managed Security Services provides NKR with the around-the-clock security it needs to protect its data and systems.

Life Savers

With Rackspace managing NKR’s technology, the organization can concentrate all of its efforts on the important mission of saving and improving the lives of people who face kidney failure each year. It facilitates, on average, 30 to 40 kidney transplants each month.

One thing Sinacore and the other NKR staffers don’t have to worry about is IT management. “Having Rackspace behind the scenes helps us maintain critical uptime at all times,” said Sinacore. “In the rare occasion that we have some sort of an issue that pops up, we submit a ticket, and literally within minutes someone is responding. We never have to worry — and that’s critical.”

Read the case study and watch the video to learn more about how Rackspace helps NKR with its data security.


Download a PDF to print and read this article offline.
Previous Article
Why Detection and Remediation Beats Prevention
Why Detection and Remediation Beats Prevention

Rackspace helps businesses shift from a reactive security model to a more proactive one built on people, pr...

Next Article
Six Alarming Facts About Data Breaches
Six Alarming Facts About Data Breaches

Rackspace Privacy and Data Protection helps companies identify their most sensitive data and better protect...