The SECURITY & PRIVACY NEWSLETTER is published monthly in support of the healthcare industry's efforts to work together towards compliance in security and privacy. Subscribers total over 3,000.
In this issue:
1. Monthly HIPAA Compliance Tip: Network Perimeter: Edge to Core Defense
2. Pediatric Telemedicine Program Helps Local Family
3. Data Loss Prevention Best Practices Booklet
4. A Pragmatic Approach to Selecting the Right Single Sign-On Solution
5. Grants Funding Analysis Provided by TANDBERG
6. AT&T Present a Web cast: An Integrated Approach: Process Flow Management Utilizing RFID REPLAY
7. Single Sign-On (SSO) Executive Brief Available
8. Complimentary 2-Day CHP Program Delivered at Your Site
1. Monthly HIPAA Compliance Tip: Network Perimeter: Edge to Core Defense
Brought to you by: Ali Pabrai, CISSP, CSCS, HIPAA Academy
When it comes to the network perimeter – the first line of defense for any organization – “integration” of capabilities at the perimeter is critical to a successful defense. Integrated security capabilities protect vital assets from malicious software such as viruses and worms, and provide the means to detect attacks on the infrastructure. Organizations today have to secure three critical tiers of their digital information infrastructure:
- Perimeter systems
- Server systems
- Client systems
The systems at the perimeter include routers, firewalls, Web servers, and other Internet-facing devices configured on the network. These are typically referred to as systems on the “edge” of the network. Next, the crown jewels of any organization today are its server systems – these include file servers, database servers, and application servers. These systems “manage” the critical data of the organization; they form the “core” of the network and must be secured. End-user systems, or client systems, are mobile and might connect to the infrastructure from the inside or the outside – that is what makes this “edge” of the network so challenging to secure.
The challenge for healthcare organizations includes the need to give physicians as well as patients Web access to sensitive information. End-user client systems are increasingly mobile, or remote, which makes security at the perimeter as well as on client systems a critical priority.
Security practitioners need to closely review the type of information people from the outside are authorized to access and design an infrastructure that delivers “secure” access to all such information. Organizations are also looking at vendor solutions that increasingly integrate multiple capabilities in a single box at the perimeter and consolidate capabilities on end-user client systems as well. Besides the U.S. regulations that organizations need to be compliant with, a really valuable reference to be familiar with is the ISO 27002 (ISO 17799:2005) international security standard.
For a free quick reference card on the ISO 27002 international security standard, please email technologysolutions@aha.org
2. Pediatric Telemedicine Program Helps Local Family
David and Heather Lisk of Oroville excitedly awaited the birth of their newest family member at Oroville Hospital's Mother Baby Care Center. But within minutes, their newborn son, Reed, experienced some serious complications.
"At first they thought my son was just cold, because he looked blue, but they immediately started running tests to determine if anything was wrong," said David Lisk. Fortunately, pediatrician Dr. Alice Alino was able to identify there was a problem and ordered tests, including an echocardiogram - or ultrasound of the heart.
The baby's heart images were downloaded immediately over a secure Internet connection to a pediatric cardiology team at UC Davis Medical Center through the Oroville Hospital Telemedicine Program.
To get a copy of the complete article, email technologysolutions@aha.org
3. Data Loss Prevention Best Practices
Hospitals and healthcare organizations worldwide are losing data without even realizing it – and the effects can be severe. Add in the always-changing regulatory environment, and security is a unique challenge. Recently, IronPort sponsored a report entitled Data Loss Prevention Best Practices. As well as discussion of best practices and technology solutions, this report outlines DLP strategies to help round out a successful risk management portfolio. Take control and prevent data loss before it happens to you.
To receive a free copy of the booklet, please email technologysolutions@aha.org
4. A Pragmatic Approach to Selecting the Right Single Sign-On Solution
Successfully implementing SSO solutions can be challenging both technically and organizationally. Deployments are impacted by a number of considerations, including the number and nature of users being served, the environments they operate in, and the types of applications they use.
CA has prepared a podcast that will address the following questions:
- How should you evaluate potential SSO solutions?
- What pitfalls should you avoid?
The podcast helps customers make a sound decision in selecting an SSO solution, to alleviate pains during implementation and future maintenance.
To hear the podcast, click here.
5. Grants Funding Analysis Provided by TANDBERG
Need assistance in funding your distance learning, telemedicine or communications project? Request a complimentary funding analysis from TANDBERG's Grant Services Team.
Click here to begin the research.
6. AT&T Present a Web cast: An Integrated Approach: Process Flow Management Utilizing RFID REPLAY
Rising healthcare costs, changes in the social culture, industry consolidation, and government legislation are driving changes in the delivery, administration and management of patient care. Organizations that do not leverage the opportunities presented by RFID will find it challenging to compete on a cost basis, deliver on new patient service demands and attract new revenue.
Learn about:
- How healthcare organizations must integrate, automate and optimize job functions and business practices to succeed
- How workflow process management advocates an integrated approach to identify opportunities for improvement
- How real-time location of staff and patients increases throughput, reduces waiting times and improves patient satisfaction
7. Single Sign-On (SSO) Executive Brief Available
The challenge to healthcare organizations is that providers want easy and secure access to aggregated data across multiple systems. These systems include mainframe, distributed, Internet as well as mobile devices. Critical patient data typically resides on disparate systems and applications across multiple platforms. Clinicians want to review all patient data before making diagnoses and treatment decisions. There is a strong need for unified access to patient data and the capability to centrally monitor and report (audit) access across all applications. This requirement for clinicians can be met by using a combination of a single sign-on (SSO) and context management solution.
With a secure SSO solution, end-users will need to remember one password for access to key systems and applications they are authorized to use. With a context management solution, clinicians can access the same patient records in multiple applications seamlessly. In this ecfirst.com executive brief PDF we examine the area of SSO and context management. We review best practices for organizations to consider as they get started with initiatives to address user credential and integrated information challenges.
To get your complimentary copy of this comprehensive executive brief on SSO, please email technologysolutions@aha.org
8. Complimentary 2-Day CHP Program Delivered at Your Site
Get HIPAA certified at your site. For a complimentary 2-day Certified HIPAA Professional (CHP) program delivered at your site, please contact Lorna Waggoner at 1.877.899.9974 x17 or visit www.HIPAAAcademy.net. Only qualified organizations will be considered. Session will be confirmed after review by the HIPAA Academy. Certain terms and conditions apply.