Healthcare organizations find security, privacy cures
Healthcare organizations are energetically seeking cures for managing identity and security in fast-paced hospital environments to help physicians and nurses do their jobs more easily -- and to keep patient data safe.
Sophisticated single sign-on systems are being deployed in hospitals to make it simpler for time-pressed physicians to find records, while encryption and data-loss prevention (DLP) technologies are being introduced as barriers to any chance of exposing sensitive patient data . That's more urgent than ever since a new federal law that's gone into effect, called "Health Information Technology for Economic and Clinical Health Act" (HITECH Act), forces healthcare organizations to make a public announcement through the media if they lose patient data that's not encrypted.
As such, the HITECH has become a driver propelling healthcare organizations into deploying new technologies, such as DLP, to try and make sure they're not among those forced into the harsh limelight of disclosing mishaps with patient data.
Health privacy undermined: Worst breaches of 2009
"We have two major systems being implemented right now because of the HITECH," says Ben Nathan, associate director for security and identity management at New York City-based Weill Cornell Medical College, affiliated with New York Presbyterian Hospital and other institutions. With HITECH in effect, "if we lose personal health information, the onus is on us to report it to everyone, and to the media."
The college is adopting a DLP system based on the Symantec Vontu product and is also deploying PGP Inc.'s encryption software on laptops. The medical college, which has 5,000 faculty and students, has already put in place an electronic- records monitoring system based on vendor FairWarning's surveillance and audit product that analyzes how individuals access data, with the goal of flagging suspicious activities.
"We want to know if someone who usually looks up 10 records a day is suddenly looking up 1,000," Nathan says. "Or if someone looks up data from another department. We at least need to know about it because maybe someone's account has been compromised."
Weill-Cornell Medical College is tying these data-security and monitoring systems back into its ArcSight security-event and information management system to centralize alerts and correlate information. It's the best method for understanding the risks and what's occurring, Nathan says.
Sign up for ITworld's Daily newsletter
Follow ITworld on Twitter @IT_world
On Twitter now
data loss prevention
Powered by Twitter
Esther Schindler
If the comments are ugly, the code is ugly
claird
SVG a graphics format for 21st century
pasmith
Take Chrome OS for a test spin
Sandra Henry-Stocker
Solaris Tip: Have Your Files Changed Since Installation?
jfruh
Android fragments vs. the iPhone monolith
mikelgan
What Gizmodo missed about the Pro WX Wireless USB disk drive
Sidekick: The Good News & the Bad News
Either way you look at it Microsoft Data Center management did not follow standards or best practices in this failure. In which case it makes me wonder more about the outsourcing of corporate data much less personal data.
- mburton325
Join the conversation here
Quick, practical advice for IT pros. Made fresh daily.
Want to cash in on your IT savvy? Send your tip to tips@itworld.com. If we post it, we'll send you a $25 Amazon e-gift card.
