Information Risk Management For Protected Health Information

Modernizing health IT is a key focus for economic recovery - governments around the world are funding strategic stimulus initiatives for IT investment in healthcare, such as the American Recovery & Reinvestment (ARRA) HITECH Act 2009.

Development of electronic health records (EHR) is at the heart of the drive to modernize. The key aims are to improve information sharing between healthcare professionals and to achieve better patient outcomes at a lower cost of service delivery.

With the continued adoption of electronic health records - as well as an increase in the portability of sensitive clinical and business data, high-profile security breaches, and enhanced compliance requirements - the need to secure patients' personal and private information is a priority within the healthcare industry.

With best-in-class services, products and partnerships, RSA provides an information-centric approach to security for the healthcare industry. It helps customers manage their security proactively while addressing multiple regulatory requirements, such as HIPAA, US State Privacy Laws and the EU Data Directives.

The RSA solution adopts a framework-based approach founded on industry standards and security best practices, such as ISO 27002 and ISO 27799 for health informatics. It gives healthcare organizations a comprehensive and holistic strategy for mitigating the security risks that sensitive information, such as PHI and PII, is exposed to throughout its lifecycle - as it is created, transmitted, accessed and stored across an increasingly complex healthcare infrastructure.

The RSA solution enables healthcare organizations to:

  • Discover and classify PHI and PII. As your organization stores increasing volumes of sensitive data like PHI and PII - in clinical departments, billing and claims systems, networks, data centers, patient portals and EHR solutions - can you confidently identify where all of it resides, and the risks it is exposed to? What would be the impact on your organization if PHI or PII was leaked, either accidentally or deliberately?
  • Put policies, data controls and access controls in place to manage and protect sensitive data. Can you ensure secure collaboration and sharing of electronic patient information across key users, including physicians, clinical staff consultants, and patients themselves? As online and remote access to sensitive data becomes more widespread, do you have the policies and procedures in place to control user authentication and authorization?
  • Monitor and report on security policy effectiveness and demonstrate compliance with internal security policies and external regulations. Do you have sufficient visibility of the risks that unsecured PHI may be exposed to, in real time, to reduce security risks? Are you ready to comply with the range of data security requirements, such as those mandated by HIPAA, which will support the adoption and acceptance of EHR by patients and health workers?