HIMSS 09 – CHICAGO, IL - April 06, 2009 -
RSA, The Security Division of EMC (NYSE: EMC) announced that leading healthcare organizations – including Apoteket AB, Blue Cross and Blue Shield of Kansas City, Catholic Health System, Geisinger Health System, Mainline Health and University of Pittsburgh Medical Center – have implemented effective information risk management strategies and information-centric technologies from RSA in order to help secure highly sensitive patient healthcare data and meet compliance mandates.
"Through the strategic use of RSA technology we have been able to accelerate our plan for an integrated regional health organization. The Keystone Health Information Exchange pilot, secured by RSA® Access Manager and RSA® Federated Identity Manager, allows emergency departments within participating hospitals to share patient health information, in real time," said David Young, IT Program Director at Geisinger Health System. "This minimizes delays in treatment which can be frustrating and, in some cases, even life threatening. It also increases the productivity of physicians, reduces operational costs and ensures compliance with HIPAA regulations."
Young added, "With RSA® Adaptive Authentication, Geisinger has been able to offer our referring and affiliated physicians secure access to critical online resources, thereby facilitating the sharing of patient information out to external physicians. Providing these groups with access to a patient's electronic medical record helps to reduce the number of duplicate tests, which speeds treatment and improves the patient experience. We were particularly attracted by the way RSA Adaptive Authentication offers layers of security in addition to a regular user name and password, but without inconveniencing the user. It is ideal for clinicians working in a busy and often pressured hospital and clinic environment."
In order to protect the confidentiality, integrity and security of patient health data within the information infrastructure, healthcare organizations can apply a series of best practices to improve patient care and clinical workflow, and meet compliance challenges with confidence. First, an organization should understand and discover what data is most sensitive to its patients, clinicians and its own enterprise. As a result, it becomes equipped with the proper intelligence to select appropriate data and access controls based on policy and risk. Organizations can then monitor and report on security policy effectiveness and demonstrate compliance with regulations such as the Health Insurance Portability and Accountability Act (HIPAA), Joint Commission requirements, and European Union Data Directives. This holistic framework is based upon guidelines such as ISO 27799 for Information Security Management that helps to ensure patient healthcare information is protected, managed and auditable.
"A data breach at a hospital can not only expose the credit card and bank account information of a patient, but it can also provide a data thief with the information to seek medical care using the insurance of another person. Furthermore, medical identity theft can have a serious detrimental impact on the ability of the patient to obtain private health insurance in the future, and can place the life of a victim in danger as the medical history of two or more people are combined into a single health data record," said Jarad Carleton, Senior Consultant at Frost & Sullivan. "Accessing the detailed medical history of a patient can also create issues from a provider standpoint as any change in these records could potentially lead to the death of the patient. This worst-case scenario can expose a hospital to civil lawsuits, negative publicity, and heightened regulatory oversight in countries with enforceable data privacy laws."
"In a 2008 HIMSS survey*, 97 percent of healthcare CIOs revealed that they were concerned about the security of the data within their organization. This is no surprise as traditional information security infrastructures have been primarily designed to protect against external threats. Yet today, the black market for information used for identity theft remains robust, and the focus on security is shifting to insiders with broad access to sensitive data. They know where the systems are, how they interact with each other, and what data resides on which systems," said Tom Corn, Vice President of Product Marketing at RSA, The Security Division of EMC. "This disparity between the current threat landscape and the traditional information security infrastructure is leading to more healthcare data breaches, increased regulation, and higher operational costs. In turn, critical workflow processes can be negatively impacted affecting the movement and availability of patient information."
For more information, please visit RSA's Information Risk Management for Protected Healthcare Information security solution website. A free copy of the Frost & Sullivan white paper (commissioned by RSA) entitled "Keeping the Promise of Privacy: Protecting Sensitive Data in Healthcare Organizations" can be found under Resources.
* Frost & Sullivan, Keeping the Promise of Privacy: Protecting Sensitive Data in Healthcare Organizations, August 2008