Preserving EHR security and collaborating on BYOD policy

Similar to many healthcare organizations these days, Shafiq Rab, CIO and Vice President of Hackensack University Medical Center in Hackensack, NJ, uses an all-in approach when it comes to data security. While Rab understands security is a learning process and best practices are developed over time, having best-of-breed products in place on top of regular privacy and security examinations is a must for a 771-bed hospital.

Rab knows that patients’ data is in Hackensack’s hands during care and that, in turn, patients put their privacy in its control. A big part of ensuring patient data is safe and secure is locking down the EHRs with high-level privacy and security controls while staying vigilant against internal and external threats by performing security audits. Hackensack University Medical Center has been through Stage 1 Meaningful Use security analyses and is now getting ready for Stage 2 Meaningful Use, which has put it in a good position from a security standpoint.

We know that one day we’ll be audited and because of that we look to see if there are any deficiencies. From a few different risk assessments to multiple penetration tests to data loss prevention (DLP), we have put all those things in place. And through those tests, we have a risk mitigation process where a committee meets every month and helps [uphold high security standards].

Rab said Hackensack uses, for example, McAfee Deep Defender, which runs on Intel, so it can secure the data at the root level. When a user tries to connect a device, the product checks the other root key first and only if it’s can information be saved on [a device]. The organization has EpicCare Links for role-based access. For example, if a nurse who works 7-4 p.m. accesses data she doesn’t need to after 5 p.m., Rab and Hackensack will know about it. Because Hackensack does audits internally and externally, role-based access is important. This level of scrutiny also applies to administrators, as it continually determines who has all access and why they have that kind of access.

In addition to in-house audit tools, we generally don’t ask the consultants who have helped us in the past to do the audit. We instead ask people who we haven’t worked with yet. (The next audit will be in December). They tell us what we need to do better and then we make those changes.

Furthermore, Rab said the organization uses a real-time data locator that ensures all the data ports are locked against, for example, virus-ridden USB sticks. On a daily basis, Hackensack looks at who’s trying to attack and penetrate from the outside and ensures there are no distributed denial-of-service (DDoS) attacks.

We also have a malware mitigation plan that can help avoid problems from people bringing viruses from home. Part of this is blocking USB drive ports, which upset some people but in the end the IT department supplied internal USB sticks [to be used in the hospital]. That was a little tough for us and we’re still not over it because there are some physicians or nurses who go elsewhere to give presentations.

Hackensack BYOD policy: A collaborative effort

Rab has also learned through years of healthcare industry experience that “Thou shalt not…” policies don’t work when applied to clinical staff. This is especially true for mobile security and BYOD policy. Rab and Hackensack instead choose to embrace the security challenge and adopt it as part of the organization’s culture.

Hackensack allows users to access its network through a BYOD program, but through trial and error the organization has collaborated with clinical staff and developed a policy that fits everyone’s needs. In addition to handing out corporate-owned devices, Rab and Hackensack allowed physicians and nurses to bring their iPhone or Android device into the hospital and implemented a mobile device management (MDM) solution from MobileIron and AirWatch that’s integrated into its BYOD policy. “The [BYOD] line was about 50-60 people deep throughout the three-day period and my CEO asked me if I was handing out candy,” he said.

For the BYOD phones, Hackensack put the MDM solution with a bubble around it on the device so that when users open the clinical applications, they don’t touch the rest of the data. If a staff member ever loses the device, Rab can take control of the application and wipe the app from the phone without losing the rest of the data.

We also asked if we could put controls on the device (such as a laptop or phone) so that we can monitor it to ensure there’s no malicious activity. Instead of us shoving the policy down physicians’ throats, they willingly gave us the opportunity to control the hardware. There was one instance in which someone lost a phone and we quickly initiated “Defense Protocol No. 23” and in two seconds, we knew where the phone was and the physician was able to get to his phone exactly where he left it.

Putting healthcare applications and data into a bubble on BYOD devices is becoming the norm now, but you have to have good WiFi, a good MDM solution and security policy. But at the same time, you have to have willing people to work with you and trust you.

Rab is a member of the College of Healthcare Information Management Executives (CHIME).
