|
As enforcement tightens and liability grows exponentially,
maintaining HIPAA compliance has become mission-critical for
IT departments in the healthcare industry.
With mobile computing firmly integrated into the workplace,
Electronic Protected Health Information (ePHI) can no longer
remain safe behind the corporate firewall. In today's fast-changing
healthcare climate, easy access to ePHI is crucial for caregivers.
However, both the wireless networks that facilitate caregiving
on the move, and the popularity of removable storage devices
represent the weakest links in data security - increasing the
likelihood of data leakage, and potential but costly HIPAA violations.
As a result, today's primary healthcare IT challenge is:
how to make ePHI readily available to caregivers, while still
maintaining HIPAA compliance?
Safend Auditor and
Protector are designed
from the ground up to help healthcare organizations meet the
challenges of HIPAA. Seamlessly integrating with existing solutions,
Safend monitors and controls the flow of information to and
from any endpoint. Safend provides healthcare organizations
with detailed visibility and granular control over data transfer
from the endpoint via wireless ports and all physical storage
devices, providing a comprehensive audit trail of endpoint activity
and simultaneously protecting against data leakage.
Meeting the Challenges of HIPAA
Safend’s solutions protect sensitive patient information,
addressing core HIPAA requirements, such as:
- Evaluate vulnerabilities - HIPAA requires
organizations handling ePHI to conduct an accurate and thorough
assessment of potential risks and vulnerabilities to the
confidentiality, integrity, and availability of data.
Further, they are required to implement mechanisms that
record and examine activity in systems that contain or use
ePHI.
Safend queries all organizational endpoints, locating and
documenting all devices that are or have been connected.
Safend Protector reports the attachment of unauthorized
external devices, monitors the information flow in accordance
with individual user access policies, and alerts administrators
of attempted violations – while comprehensively logging
all activity for an ongoing and complete audit trail.
- Defining access at all endpoints -
HIPAA mandates that organizations assume responsibility
for the security of ePHI entering and leaving the computing
environment, regardless of physical location. Utilizing
Safend, IT departments can define new and augment existing
user access control policies. These policies are easily
enforced and extended across all endpoints and over all
physical, wireless, and removable storage devices. This
enables productivity via the ongoing flow of ePHI, while
still ensuring HIPAA compliance.
- Maintaining and updating access - The
Safend Management Console enables system administrators
to check user access rights periodically, another HIPAA
requirement. Safend transfers these sensitive credentials
using a secure SSL channel, so remote systems can be administered
securely from a single location
- Ongoing policy enforcement - Safend
Protector enforces endpoint security policies by monitoring
real-time traffic and applying HIPAA-compliant, highly-granular
security policies over all physical, wireless and removable
storage interfaces. Safend can further ensure that mobile
users and data are secure by encrypting any data written
to removable storage devices or by enforcing the use of
hardware encrypted flash drives only.
|
Safend
for HIPAA Compliance