DLP Strategies for Securing Healthcare Data
A broad theme among DLP users is to get staff to think before they share. For instance, at Texas Health Resources, providers are advised to include the word "secure" in the email subject line, and that email will be encrypted and sent securely, says Chief Security Officer Ron Mehring.
If they don't put that word in the subject line, and the DLP technology detects PHI in the message, the provider is notified that he or she has violated the policy, Mehring says. "They now have to interact with the privacy and security offices to resolve that issue, and now that becomes somewhat of a distraction for them," he says.
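The subject-line rule described above can be sketched as a mail-gateway decision function. This is an added example, not Texas Health Resources' or any vendor's configuration: the action names, whole-word matching of "secure", and the two PHI patterns (SSN and an `MRN` label) are assumptions, and the sample messages are constructed.

```python
import re
from email import message_from_string
from email.header import decode_header, make_header

# Assumed detectors for illustration; a DLP product's PHI rules are far richer.
SSN_RE = re.compile(r"\b(\d{3})-(\d{2})-(\d{4})\b")
MRN_RE = re.compile(r"\bMRN[:#\s]*\d{6,10}\b", re.IGNORECASE)
SECURE_RE = re.compile(r"\bsecure\b", re.IGNORECASE)  # whole word only (assumption)

def plausible_ssn(area, group, serial):
    # Skip number ranges that are never issued, to cut false positives.
    return (area not in ("000", "666") and area[0] != "9"
            and group != "00" and serial != "0000")

def find_phi(text):
    hits = []
    if any(plausible_ssn(*m.groups()) for m in SSN_RE.finditer(text)):
        hits.append("ssn")
    if MRN_RE.search(text):
        hits.append("mrn")
    return hits

def body_text(msg):
    chunks = []
    for part in msg.walk():
        if part.get_content_type() == "text/plain":
            raw = part.get_payload(decode=True) or b""
            chunks.append(raw.decode(part.get_content_charset() or "utf-8", "replace"))
    return "\n".join(chunks)

def evaluate(raw_message):
    msg = message_from_string(raw_message)
    # Decode RFC 2047 encoded-words so an encoded subject still matches.
    subject = str(make_header(decode_header(msg.get("Subject", ""))))
    if SECURE_RE.search(subject):
        return "encrypt", []
    phi = find_phi(body_text(msg))
    return ("notify_policy_violation", phi) if phi else ("deliver", [])

# Constructed sample messages (not real data).
SAMPLES = {
    "flagged": "Subject: =?UTF-8?Q?Secure=3A_lab_results?=\n\nMRN: 00482913\n",
    "missed": "Subject: Re: insecure fax line\n\nPatient SSN 123-45-6789\n",
    "clean": "Subject: Lunch\n\nTicket 000-12-3456 is closed.\n",
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, evaluate(raw))
```

The "missed" sample shows why the keyword is matched as a whole word: a subject containing "insecure" does not opt the message into encryption, so the PHI check still runs.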
Texas Health Resources serves a geographic area of north Texas larger than the state of Maryland. The system includes 25 hospitals (17 of which are acute care), more than 21,100 employees, 5,500 physicians with staff privileges, and 3,800 licensed hospital beds. "We have pretty good service management processes in place where they interact with our overall set of IT processes to resolve those issues, and we try to resolve them pretty quickly so escalation works, but you've got to have a structure around it. DLP can't exist in a vacuum. It's got to integrate real cleanly into your overall IT service management practices."
Don't let technology dictate your goals, Mehring says. "I can't imagine a single shortcut when it comes to DLP," he says. "It's a tough solution. You've got to have the dedicated staff for it. You've got to have the talent, and you've got to have the support."
Smaller organizations can take fewer steps, he says. "Encrypt everything," he says. "Make sure users know not to keep data on devices."
Mehring also challenges the coalescence of DLP standards around vendor-specific solutions. "My challenge to vendors is, 'Why are you making me do that?' " he says. "When vendors do that to us they put us in a box, and it's
One vendor-independent approach is transport-layer security standards, which are emerging now. "How do I get a transaction from Point A to Point B in a secure manner, and how do I ensure it's going to the right person?" Mehring asks.