Hospitals focus on IT security audits

February 20th, 2014 by admin

After a healthcare organization decides on its security audit strategy, some aspects have to be considered, such as the potential impact on daily workflow and the amount of time that elapses between catching an abnormality and resolving the issue. Mark Combs, Chief Information Security Officer (CISO) of West Virginia University Hospitals, talked about the steps for finding internal security threats.

Combs said that an audit report can stop a larger breach. He cited a situation in Florida where a healthcare organization was alerted by federal investigators that one of its employees was filing false tax claims.

“Obviously, we’ve found instances where employees were doing inappropriate things, but we were able to catch them soon enough so that they didn’t grow into one of those larger issues,” Combs said. “Luckily, we haven’t had one yet where federal authorities alert us of an incident.” He added that organizations set their policies as best practices and need applications in place to enforce those policies.

Combs and West Virginia University Hospitals decided to use Iatric Systems’ Security Audit Manager (SAM) product. Rob Rhodes, Senior Director of Patient Privacy Solutions for Iatric Systems, said that the integration works well with SAM because it reaches out to any of the organization’s systems with PHI, pulls the audit logs and aggregates them in SAM.

“Once it’s aggregated in SAM, we then run proactive reports and alerts,” he said. “Users can set those up so the algorithms we have go out and look for potential privacy violations. SAM has incident tracking as well.”

West Virginia recently incorporated a policy change when it switched from a legacy system to Epic EHR.

We did that to comply with the HIPAA Security Rule, as we were concerned that people would use their access to look at and potentially harm the integrity of their own record if they make a mistake. We put “same last name” auditing in place, which is a report that’s native to SAM. Not only were we able to use that in Epic, but for our other half-dozen or so systems as well. As we contacted managers telling them they weren’t complying with the policy, we saw a huge reduction in people looking at their own accounts through work access.
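The “same last name” report described above can be sketched as a check over audit rows aggregated from several systems. This is an added example, not SAM's or Epic's code; the CSV columns, system labels and sample rows are constructed assumptions.

```python
import csv
import io
import unicodedata
from collections import defaultdict

# Constructed sample: access-audit rows aggregated from several systems.
# Column names and system labels are assumptions, not a SAM or Epic schema.
AUDIT_CSV = """\
timestamp,system,user_id,user_last,patient_id,patient_last
2014-02-03T08:14:00,ehr,u1001,Smith,p5001,Smith
2014-02-03T08:20:00,ehr,u1001,Smith,p5002,Jones
2014-02-03T09:02:00,lab,u1002,O'Brien,p5003,OBRIEN
2014-02-03T09:30:00,radiology,u1003,García-López,p5004,Garcia Lopez
2014-02-03T10:11:00,lab,u1004,Nguyen,p5005,Tran
2014-02-04T07:45:00,lab,u1001,Smith,p5006,Smith Jr.
2014-02-04T11:00:00,billing,u1005,,p5007,
"""

SUFFIXES = {"jr", "sr", "ii", "iii", "iv"}

def normalize_last_name(name):
    """Fold case, accents, punctuation and generational suffixes."""
    decomposed = unicodedata.normalize("NFKD", name)
    ascii_ish = "".join(c for c in decomposed if not unicodedata.combining(c))
    letters = "".join(c if c.isalpha() else " " for c in ascii_ish.casefold())
    return "".join(t for t in letters.split() if t not in SUFFIXES)

def load_rows(text):
    return list(csv.DictReader(io.StringIO(text)))

def same_last_name_report(rows):
    """Return {user_id: [flagged rows]} where user and patient surnames match."""
    flagged = defaultdict(list)
    for row in rows:
        user = normalize_last_name(row["user_last"])
        patient = normalize_last_name(row["patient_last"])
        if user and user == patient:  # blank names never match each other
            flagged[row["user_id"]].append(row)
    return dict(flagged)

if __name__ == "__main__":
    report = same_last_name_report(load_rows(AUDIT_CSV))
    for user_id, hits in sorted(report.items()):
        systems = sorted({h["system"] for h in hits})
        print(f"{user_id}: {len(hits)} same-last-name access(es) in {systems}")
```

A surname match is a lead for manual review rather than proof of a violation, since unrelated people share common last names.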

To get perfect audit reports, encryption software for laptops is essential. Alertsec Xpress is a full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.
