Hospital Secures Data and Achieves HIPAA Compliance
CASE STUDY: Hospital Secures Data and Achieves HIPAA Compliance with Accuvant

CLIENT’S CHALLENGE

A large hospital is responsible for thousands of sensitive patient records. With this responsibility comes a strict Health Insurance Portability and Accountability Act (HIPAA) requirement to keep the data secure. The hospital was faced with the task of reviewing current HIPAA controls in its environment, as well as data handling relating to its Electronic Medical Records (EMR) system. This task involved focusing on a limited set of controls from the HIPAA Privacy and Security Rules, and the data handling associated with the patient health information that is held in the EMR. To better understand how information moves in and out of the EMR, the organization needed help with the creation of a data flow diagram. The hospital realized that a trusted partner would best be able to understand these requirements and secure its network.

ACCUVANT’S SOLUTION

The large hospital selected Accuvant because of Accuvant’s years of field experience and knowledge of industry best practices. Accuvant’s team started the project by meeting with the client to understand project goals. This included creating a data flow diagram, determining the current data handling practices around the hospital’s EMR and reviewing the EMR against requirements of HIPAA Privacy and Security Rules in relation to access control and data handling.

Accuvant gathered as much information as possible through the client’s network diagrams and documentation of the current HIPAA environment and associated practices. To help set a baseline for later analysis, Accuvant pulled information from certain topics in the HIPAA Security Rule, including current administrative safeguards, physical safeguards and current policies, procedures and documentation. Next, Accuvant conducted interviews with the staff responsible for information security of the EMR to ensure current policies and processes were in line with the required elements of HIPAA standards, and there was consistency in policy and information across the organization. After gathering all necessary information, Accuvant consultants were able to analyze the current state of the environment for security and compliancy.

[Figure: Security Strategy Success Matrix. Labels: Planning and Risk Management; Policies and Procedures; Compliance Management; Team Development; Situational Awareness; Planning and Management; Testing and Assessment; Incident Response; Monitoring and Operations; Business; Technology; Threats and Intelligence; Defenses and Controls; System; Network; Endpoint; Application; Data; User; Emerging.]

Accuvant has developed a Security Strategy Success Matrix to help organizations create a holistic approach to address their problems as part of an overall information security program.

BUSINESS IMPACT

It is important to meet the HIPAA standards, but organizations should also be aware of how patient information is being used, and who is accessing it, allowing the organization to maintain full control of sensitive records. Accuvant helped this client learn exactly how safe its sensitive patient information was, including where it is sent, how it is accessed and who is accessing it. Having this thorough understanding of the state of patient privacy within its hospital, the organization achieved full visibility into exactly how data flows through its Electronic Records System. Along with recommendations to improve the security of its information, Accuvant helped this large hospital achieve HIPAA compliance.

SOLUTION OVERVIEW

Organization Size: Nearly 3,000 employees
Organization Industry: Healthcare
Organization Profile: Hospital
Challenge: Review current HIPAA controls and data handling around the EMR system, and complete a data flow diagram relating to information flow for the EMR system.
Accuvant Services Provided
• HIPAA EMR System Review
• Data Flow Mapping

Results
• Secured View into How Patient Data is Accessed
• Identified Areas for Security Improvement
• Achieved HIPAA Compliance

Accuvant, a Blackstone (NYSE: BX) portfolio company, is the leading provider of information security services and solutions serving enterprise-class organizations across North America. The company offers a full suite of service capabilities to help businesses, governments and educational institutions define their security strategies, identify and remediate threats and risks, select and deploy the right technology, and achieve operational readiness to protect their organizations from malicious attack. Founded in 2002, Accuvant has been named to the Inc. 500|5000 list of fastest growing companies for the last eight consecutive years. The company is headquartered in Denver, Colo., with offices across the United States and Canada. Further information is available at www.accuvant.com.

© 2015 Accuvant, Inc. All Rights Reserved. “Accuvant” is a registered trademark of Accuvant, Inc.

1125 17th Street Suite 1700 | Denver, CO 80202 | 800.574.0896 | www.accuvant.com