Cisco + HIPAA Security = Compliant Email Solution

21 08 2008

Benign email messages, those that carry no patient information, can safely be sent from one healthcare provider to another over public systems. Messages that do contain patient information must be encrypted, sent through secure VPNs, or kept on purely in-house email routes. Knowing which treatment a given message needs is not always obvious, so many healthcare workers use the secure methods every time, which can become unnecessarily expensive, slow, or both.

In a recent interview with Cisco representatives Frances Dare and Terri Quinn-Andry, HCAR learned that technology is now available to analyze outbound email messages before they leave the organization, scanning their content for sensitive words and identifiers. When the scanner finds language that could put the message in conflict with HIPAA privacy regulations, the software automatically reroutes the email through a secure delivery path instead of the ordinary one.
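The routing decision described above, reduced to its essentials as an added illustration (this is not IronPort's or Cisco's code, and the keyword list, identifier patterns, threshold, and relay hostnames are all assumptions chosen for the example): each outbound message is parsed, its readable parts are scanned for protected-health-information markers, and the result selects either the ordinary relay or a TLS-enforced one. The scanner fails closed, so a message with an attachment it cannot read is also sent the secure way.

```python
import re
from email import message_from_string
from email.message import Message

# Hypothetical PHI vocabulary and identifier formats; a real deployment would
# tune these to its own record systems and measure false positives.
PHI_KEYWORDS = ["patient", "diagnosis", "medical record", "prescription", "mrn", "dob"]
PHI_PATTERNS = {
    "ssn": re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),
    "mrn": re.compile(r"\bMRN[:#\s]*\d{6,10}\b", re.IGNORECASE),
    "dob": re.compile(r"\b(?:DOB|date of birth)[:\s]*\d{1,2}/\d{1,2}/\d{2,4}\b", re.IGNORECASE),
}
KEYWORD_THRESHOLD = 2  # how many distinct PHI words before vocabulary alone forces the secure path

# Hypothetical next hops: the "secure" relay is assumed to refuse delivery without TLS.
ROUTES = {"secure": "tls-required.mta.example", "default": "smtp.mta.example"}


def inspect_parts(msg: Message) -> tuple[str, list[str]]:
    """Collect the text the scanner can read and list the parts it cannot."""
    texts = [msg.get("Subject", "")]
    uninspected = []
    for part in msg.walk():
        maintype = part.get_content_maintype()
        if maintype == "multipart":
            continue  # container, not content
        if maintype == "text":
            payload = part.get_payload(decode=True) or b""
            texts.append(payload.decode(part.get_content_charset() or "utf-8", "replace"))
        else:
            uninspected.append(part.get_content_type())
    return "\n".join(texts), uninspected


def classify(raw_message: str) -> dict:
    """Decide whether a raw RFC 822 message must take the secure path and why."""
    msg = message_from_string(raw_message)
    text, uninspected = inspect_parts(msg)
    lowered = text.lower()
    pattern_hits = [name for name, pat in PHI_PATTERNS.items() if pat.search(text)]
    keyword_hits = [k for k in PHI_KEYWORDS if re.search(r"\b" + re.escape(k) + r"\b", lowered)]

    reasons = []
    if pattern_hits:
        reasons.append("structured identifier present")
    if len(keyword_hits) >= KEYWORD_THRESHOLD:
        reasons.append("PHI vocabulary above threshold")
    if uninspected:
        reasons.append("uninspected attachment")  # fail closed: cannot prove it is benign

    route = "secure" if reasons else "default"
    return {
        "route": route,
        "next_hop": ROUTES[route],
        "pattern_hits": pattern_hits,
        "keyword_hits": keyword_hits,
        "uninspected": uninspected,
        "reasons": reasons,
    }


# Constructed sample messages for the illustration.
BENIGN_SAMPLE = (
    "From: alice@clinic.example\nTo: bob@hospital.example\nSubject: Lunch meeting\n\n"
    "Can we move the staff lunch to Thursday?\n"
)
PHI_SAMPLE = (
    "From: alice@clinic.example\nTo: bob@hospital.example\nSubject: Referral\n\n"
    "Patient Jane Doe, MRN 00123456, DOB 03/14/1970, diagnosis: hypertension.\n"
)
SINGLE_KEYWORD_SAMPLE = (
    "From: alice@clinic.example\nTo: bob@hospital.example\nSubject: Survey\n\n"
    "Patient satisfaction survey results are now on the intranet.\n"
)
ATTACHMENT_SAMPLE = (
    "From: records@clinic.example\nTo: billing@hospital.example\nSubject: Monthly report\n"
    'MIME-Version: 1.0\nContent-Type: multipart/mixed; boundary="XYZ"\n\n'
    "--XYZ\nContent-Type: text/plain; charset=utf-8\n\nReport attached.\n"
    '--XYZ\nContent-Type: application/pdf; name="report.pdf"\n'
    "Content-Transfer-Encoding: base64\n\nJVBERi0xLjQK\n--XYZ--\n"
)

if __name__ == "__main__":
    for label, sample in [("benign", BENIGN_SAMPLE), ("phi", PHI_SAMPLE),
                          ("one keyword", SINGLE_KEYWORD_SAMPLE), ("attachment", ATTACHMENT_SAMPLE)]:
        print(label, classify(sample))
```

The single-keyword sample shows why a bare word list is not enough on its own: "patient" alone in a staff notice should not trigger encryption, but one medical record number should, which is why structured identifiers are weighted above vocabulary. The attachment case is the check practitioners most often forget; a scanner that only reads text parts and routes everything else by default quietly leaks whatever is inside PDFs and spreadsheets.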

Ms. Dare is Director of Healthcare Practice at Cisco's Internet Business Solutions Group. Terri Quinn-Andry is the company's Security Solutions Manager. They described for us the email security company IronPort Systems, which Cisco acquired in 2007.

“More than any other space in healthcare,” Ms. Dare explained, “I believe home care is one where HIPAA regulations overlay with security. We are talking with all constituents about the need to render data unusable. If a backup tape or laptop computer is stolen and hacked, the data should be unreadable. For many healthcare organizations today, that security aspect – data at rest – is already covered by encryption and other technologies that continue to evolve.”

Data Security Challenges
Both Dare and Quinn-Andry agree that protecting critical assets within an organization is an ongoing systems process rather than a checklist of items to tick off for compliance. Cisco has outlined four key areas for keeping an organization's critical assets secure:

1. Education: Identify what the business-critical data assets are and where these assets are located.

2. Operations (Process): Safeguard critical data both "at rest" and "in motion." Isolate access to those assets, and to the network segments where the assets reside, with a layered defense approach.

3. Regulatory and Corporate Policy Compliance: Adopt a security program that focuses on safeguarding critical data and addresses government and regulatory compliance requirements such as Sarbanes-Oxley, PCI, and HIPAA.

4. Technology: Implement a solid security infrastructure and portfolio of technologies that satisfies the education, operations, and policy steps.

Cisco has joined the PCI Security Standards Council with the goal of helping to evolve the payment card industry's security standard, both inside and outside healthcare. The company also sits on the board of the HITRUST Alliance and actively participates in public policy discussions and Congressional hearings about data security advancements.
http://www.ironport.com
