Data Loss Prevention for Healthcare

More than 100 healthcare organizations are using TrueDLP to protect Patient Health Information (PHI) from inadvertent disclosure. Code Green Networks Data Loss Prevention (DLP) for healthcare organizations ensures compliance with regulations such as the HIPAA Security Rule, PCI, Joint Commission, and state privacy regulations. Under the HITECH Act, implementing Data Loss Prevention meets meaningful use criteria, enabling healthcare organizations to receive maximum reimbursement by providing controls to protect Electronic Health Records (EHR).

Analyze Potential Risks to Electronic PHI

Data Loss Prevention tools provide a number of mechanisms to analyze risks to PHI per the HIPAA Security Rule and limit PHI access to the “Minimum Necessary”.

  • Discover PHI stored on laptops, workstations, and servers that are unencrypted
  • Measure PHI being emailed out of your organization
  • Detect PHI being transferred out of your organization in unencrypted FTP
  • Audit PHI being copied to USB devices or burned to CDs or DVDs
  • Track and control PHI in, or being uploaded to, the Cloud

Train Workforce Members on Security Policies

Data Loss Prevention tools prevent user actions that put your organization at risk and educate users on the appropriate handling of PHI.

  • Prompt a user for justification when PHI is copied to USB Mass Storage devices
  • Notify a user when a file containing PHI is attached to an email leaving your organization
  • Notify an administrator when a file containing PHI is copied to an unprotected share
  • Move a potentially sensitive file that a user attempts to upload to the Cloud into a protected folder

Periodically Assess Security Policies

Data Loss Prevention tools provide a mechanism to continuously assess security policies and procedures.

  • Inspect every email and web transaction for the presence of PHI
  • Measure effectiveness of other controls by monitoring where PHI is moved once it leaves your central EHR system
  • Get daily, weekly, and monthly reports measuring incidents of interest and potential loss trends

TrueDLP Features for Healthcare Organizations

Code Green Networks has invested significant resources to tailor TrueDLP to healthcare organizations.

  • Data Loss Prevention Policy Templates specifically designed for healthcare organizations
  • Unique protocol handlers to identify HL7 v2, HL7 v3, or e-PHI transmitted over X12
  • Specialized connectors to Cerner, EPIC, Meditech, GE Health Systems, McKesson
  • Specific healthcare code sets (e.g. HCPCS, ICD-9, ICD-10, LOINC, and NDC) as built-in dictionaries to prevent patient data from inadvertently leaving the organization

Additional Resources

For more information on the Code Green Networks solution for healthcare, check out these resources: