DATA LOSS PREVENTION FOR HEALTHCARE

Data Loss Prevention (DLP) for healthcare organizations ensures compliance with regulations such as the HIPAA Security Rule, PCI, Joint Commission, and state privacy regulations. Under the HITECH Act, implementing Data Loss Prevention meets meaningful use criteria, enabling healthcare organizations to receive maximum reimbursement by providing controls to protect Electronic Health Records (EHR).


Analyze Potential Risks to Electronic PHI

Data Loss Prevention tools provide a number of mechanisms to analyze risks to PHI per the HIPAA Security Rule and limit PHI access to the “Minimum Necessary”.
  • Discover PHI stored on laptops, workstations and servers that are unencrypted
  • Measure PHI being emailed out of your organization
  • Detect PHI being transferred out of your organization over unencrypted FTP
  • Audit PHI being copied to USB devices or burned to CDs or DVDs

Train Workforce Members on Security Policies

Data Loss Prevention tools prevent user actions that put your organization at risk and educate users on the appropriate handling of PHI.
  • Prompt a user for justification when PHI is copied to USB Mass Storage devices
  • Notify a user when a file containing PHI is attached to an email leaving your organization
  • Notify an administrator when a file containing PHI is copied to an unprotected share

Periodically Assess Security Policies

Data Loss Prevention tools provide a mechanism to continuously assess security policies and procedures.
  • Inspect every email and web transaction for the presence of PHI
  • Measure effectiveness of other controls by monitoring where PHI is moved once it leaves your central EHR system
  • Get daily, weekly, and monthly reports measuring incidents of interest and potential loss trends

TrueDLP Features for Healthcare Organizations

Code Green Networks has invested significant resources to tailor TrueDLP to healthcare organizations.
  • Data Loss Prevention Policy Templates specifically designed for healthcare organizations
  • Unique protocol handlers to identify HL7 v2, HL7 v3, or e-PHI transmitted over X12
  • Specialized connectors to Cerner, EPIC, Meditech, GE Health Systems, McKesson
  • Specific healthcare code sets (e.g. HCPCS, ICD-9, ICD-10, LOINC, and NDC) as built-in dictionaries to prevent patient data from inadvertently leaving the organization

Case Study: St. Charles Healthcare

Data Sheet: Healthcare Data Loss Assessment

White Paper: Protecting Healthcare from Patient Data Loss


What Our Customers Are Saying

“The current push to gain efficiency in healthcare through adoption of electronic medical information systems brings with it a need for expanded protection of that information. Applying Code Green’s innovative data loss prevention technology to this emerging healthcare market offers that expanded protection.”
Randall Spratt
Executive Vice President, Chief Information Officer and Chief Technology Officer, McKesson Corporation

“Within literally minutes of the appliance being plugged in, we started collecting data. Once we saw items that could become major issues for us, we were able to remediate potential problems right away.”
Steve Scott
Information Security Manager, Saint Charles Health System

“While we have long used industry-standard tools for IT security, our goal is to remain at the forefront of data protection procedures and policies. TrueDLP effectively protects the sensitive information within our many, large databases from being deliberately or inadvertently exposed. TrueDLP has a strong track record of detecting data that should not leave the organization.”
John Cell
Senior Vice President and Director, Gilmore Research Healthcare Division