Salesforce.com

Summer '16: Maximizing the Capabilities of Health Cloud

Prakash Rao

The Salesforce Summer '16 release is upon us! As a Salesforce Gold Partner, we're helping our peers in the Salesforce community explore all that the release has to offer. If you've wondered if Health Cloud or Shield is right for your organization or want to know how the Summer '16 release will impact your business, connect with us for a complimentary one-hour conversation with our healthcare expert.


Health Cloud, Salesforce's patient relationship management platform, has been available since February. And with the Summer '16 release, Health Cloud will now fully support Salesforce Shield, Salesforce's premium data security offering. This is a huge win for healthcare organizations. The ability to protect sensitive client data at rest and to have flexibility over the encryption of data (so that relevant information is only seen by the appropriate people) will enable healthcare organizations to operate with a more comprehensive level of compliance and minimized HIPAA risk.

Let's break down these components at a high level, starting with Platform Encryption (PE).

PE permits you to encrypt sensitive fields (Standard/Custom objects), files and attachments at rest in the cloud. It also supports the user's ability to control encryption key lifecycles and preserves application and App Cloud functionality.

Before you encrypt fields, your administrator will need to generate a tenant secret key and export it to a safe repository, per your standard operating procedures. Admins will need to have “Manage Encryption Keys” permission in their profile. Below is the snippet showing you the "Generate Tenant Secret" button.

platform_encryption1.png

With the Summer '16 release, you can now create tenant secrets outside of Salesforce using your own crypto libraries, enterprise key management system, or hardware security modules. (This feature is in Pilot.)

The next step is to turn the encryption on for standard fields. You can also encrypt Files and/or Attachments, but it's either all or nothing—you cannot be selective in which files and attachments you encrypt.

platform_encryption2.png

encryption_standard_fields.png

It's quite common for audit or data security teams to request that all fields in Salesforce be encrypted. Know, however, that only the following custom field types can be encrypted:

  1. Email
  2. Phone
  3. Text, Text Area, Text Area (Long)
  4. Date and Date/Time (with Summer '16)
  5. URL

Also note that there is no single interface for encrypting different custom fields; you'll have to drill down into each one of them separately. You'll have a lot of clicking to do if you have a large number of fields to encrypt!

custom_field_definition.png

To view this encrypted data, your users will need "View Encrypted Data" privileges. Make sure everyone who needs these permissions has them, or else your day-to-day operations could be slowed. Encrypted fields cannot be used in searches, external lookup relationships, matching rules or filter criteria. You also cannot use them in formula fields or criteria sharing rules, or even change their field types.

Data that is encrypted does not work with the following apps:

  1. Portals (Partner, Customer, Self-Service)
  2. Process Builder, Flows, Visual Workflows, Lightning Components
  3. Data.com (Duplicate Management, Dupe Catcher)
  4. Pardot, Wave, Work.com
  5. Exchange Sync

If you ever decide to turn off encryption, uncheck the encryption check boxes on each field individually. Do the same for files and attachments. Doing so will make every piece of information visible to users without the need for special privileges. After that, contact support and ask them to decrypt all fields to ensure normal system behavior. Otherwise, you'll receive internal server error messages.

Platform Encryption is a good feature to have, but it is not required under HIPAA. Also, know that Salesforce does not provide full field encryption. So, we recommend taking time to identify threats to your enterprise. Knowing those specific threats will help you distinguish data that needs encryption from data that doesn’t, so that you can encrypt only what you need to.

There are a few other security features worth noting here, the first being Field Audit Trail, which extends Field History Tracking. This feature enables you to track who changed what, and when, within the fields that you care about. Again, from an internal and industry regulations standpoint, you may have to store data for a long period of time and track a lot of fields. With Shield, you can now track up to 60 fields per object (instead of just 20 fields in standard Salesforce) and retain the data for up to 10 years (against 18 months).

field_audit_trail.png

Another feature is Event Monitoring. Say users have started interacting with your application, and people who have been given permission to access encrypted data are working with that information. You as their supervisor may want to monitor, understand and keep tabs on what your users are actually doing with this sensitive data. Common use cases to monitor would be the number of logins by user, login patterns, data loss (e.g., report exports, accessed docs, previews), adoption, and page performance on custom features. Event Monitoring gives access to the API that exposes this event data. You can also incorporate this data into a number of tools (Splunk, NewRelic, Sky-High) and generate reports and dashboards on different types of event logs. The event types you can access and the amount of time the files remain available depend on your edition. Here are the general types of events included:

    • API calls, Logins, Logouts, Web clicks (URI), Mobile Clicks (UITracking)
    • Apex executions, VF page loads, Report exports

Some of the dashboards are available out of the box on Wave Analytics to support Event Monitoring.

wave_dashboard_1.png

wave_dashboard_2.png
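An added example, not from the original post or from Salesforce: a minimal pass over event log rows covering the logins-by-user and report-export use cases described above. The sample rows are constructed, and the column names, the export threshold and the working-hours window are assumptions.

```python
import csv
import io
from collections import Counter, defaultdict

# Constructed sample rows; the columns are an assumed subset of an event log CSV.
SAMPLE_LOG = """EVENT_TYPE,TIMESTAMP,USER_ID,CLIENT_IP,URI
Login,20160601080102.000,005A,203.0.113.10,/login
Login,20160601130455.000,005A,203.0.113.10,/login
Login,20160601090011.000,005B,198.51.100.7,/login
Login,20160601231530.000,005B,192.0.2.44,/login
ReportExport,20160601231702.000,005B,192.0.2.44,/00O000000000001
ReportExport,20160601231815.000,005B,192.0.2.44,/00O000000000002
ReportExport,20160601101500.000,005A,203.0.113.10,/00O000000000001
API,20160601101600.000,005A,203.0.113.10,/services/data
"""

def summarize(log_text, export_limit=1, work_hours=(7, 19)):
    """Return (login counts per user, list of (user, reason) findings)."""
    logins = Counter()
    login_ips = defaultdict(set)
    exports = Counter()
    off_hours_exports = Counter()
    for row in csv.DictReader(io.StringIO(log_text)):
        user = row["USER_ID"]
        hour = int(row["TIMESTAMP"][8:10])  # assumed layout: YYYYMMDDHHMMSS.fff
        if row["EVENT_TYPE"] == "Login":
            logins[user] += 1
            login_ips[user].add(row["CLIENT_IP"])
        elif row["EVENT_TYPE"] == "ReportExport":
            exports[user] += 1
            # Window is compared in the log's own time zone (assumption).
            if not work_hours[0] <= hour < work_hours[1]:
                off_hours_exports[user] += 1
    findings = []
    for user in sorted(set(logins) | set(exports)):
        if exports[user] > export_limit:
            findings.append((user, f"{exports[user]} report exports"))
        if off_hours_exports[user]:
            findings.append((user, f"{off_hours_exports[user]} exports outside work hours"))
        if len(login_ips[user]) > 1:
            findings.append((user, f"logins from {len(login_ips[user])} IPs"))
    return dict(logins), findings

if __name__ == "__main__":
    login_counts, findings = summarize(SAMPLE_LOG)
    print(login_counts)
    for user, reason in findings:
        print(user, reason)
```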

The general expectation of Shield is that it will deliver a degree of insight and control that previously didn't exist. But, as you begin to venture into the implementation of these features, you may have more questions than answers. Tread carefully and set lower expectations for your enterprise to begin with, and you'll be less frustrated with the process.


Prakash Rao
ABOUT THE AUTHOR

As a Salesforce Consultant, Prakash gets the opportunity to apply Salesforce technology to solve customer challenges across different industries. He is a linguist and enjoys playing tennis and traveling across the globe.