No Broken RecordsBy Samuel Greengard | Posted 2011-06-16 Email Print
Modernizing Authentication — What It Takes to Transform Secure Access
As information technology changes the face of medicine, IT executives are recognizing the need to build a integrated platforms and share data in innovative ways.
No Broken Records
Protecting data and complying with HIPAA requirements are major challenges facing the health care industry. Maimonides Medical Center, a 705-bed facility in Brooklyn, N.Y., has more than 90 applications that contain patient information, and all are interconnected to EMRs, notes Gabriel Sandu, senior director of technical services. The facility requires visibility into all these systems and records, but, in the past, it took weeks to prepare reports and satisfy HIPAA audits.
No longer. The medical center now relies on a User Activity Management (UAM) system from PacketMotion to streamline reporting and auditing. The application, PacketSentry, monitors and records user access, while enforcing policies for database access, including repositories holding public health information (PHI). The system identifies and audits PHI resources to protect patient information, while limiting communication to and from third-party devices that are not owned or controlled by the hospital’s IT staff.
“Instead of building a huge data warehouse, we decided to build a smaller repository and track the data in motion,” Sandu explains. Analysts at the facility can review who accessed, deleted and updated data—and examine questions and issues related to the entire data population. Combined with data encryption and other internal controls, “It has simplified and improved processes and controls dramatically,” he says.
Into the Cloud
The need to share documents and data is creating both opportunities and challenges for health care providers. As a result, some are turning to cloud computing to boost productivity.
At Bay Cove Human Services, a Boston not-for-profit organization that assists more than 4,000 individuals with developmental disabilities, behavioral disorders and substance abuse problems, approximately 1,600 employees share reports and other files across 140 offices. Many of these branches aren’t connected to the central network. Nevertheless, “Because these documents contain private health information, they must be fully protected,” says CIO Hilary Croach.
In the past, e-mailing and calendaring posed huge obstacles—particularly because there was no way to sync files or adopt effective version controls. To solve the problem, Bay Cove began using Google Apps. “It’s highly collaborative and it allows us to manage records in a powerful way,” Croach says.
The organization relies on CloudLock for Google Apps to secure the cloud-based environment. The application encrypts data and transmissions through the Web browser—making it suitable for use even at public WiFi hotspots. It also improves compliance and auditing capabilities.
This approach, Croach notes, saves more than $10,000 annually in email and word processing licensing fees, and it also eliminated a $100,000 licensing fee for the previous email product. The system helps Bay Cove analyze usage patterns, identify when data is exposed and fix problems immediately.