DLP Strategies for Securing Healthcare Data
A broad theme among DLP users is to get staff to think before they share. For instance, at Texas Health Resources, providers are advised to include the word "secure" in the email subject line, and that email will be encrypted and sent securely, says Chief Security Officer Ron Mehring.
If they don't put that word in the subject line, and the DLP technology detects PHI in the message, the provider is notified that he or she has violated the policy, Mehring says. "They now have to interact with the privacy and security offices to resolve that issue, and now that becomes somewhat of a distraction for them," he says.
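The subject-line rule described above can be sketched as a mail-gateway decision function. This is an added example, not code from Texas Health Resources or any DLP vendor: the two PHI patterns, the whole-word match on "secure", and the action names are assumptions, and the article does not say whether a flagged message is still delivered.

```python
import re
from email.message import EmailMessage

# Assumed detectors (not from the article); real DLP engines use far richer
# dictionaries, checksums and proximity rules than these two patterns.
SSN = re.compile(r"\b(?!000|666|9\d\d)\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b")
MRN = re.compile(r"\bMRN[:#\s]*\d{6,10}\b", re.IGNORECASE)
# Whole-word match so that "insecure" does not count as the opt-in keyword.
SECURE_TAG = re.compile(r"\bsecure\b", re.IGNORECASE)


def body_text(msg):
    """Join every text/* part so PHI in any text part is scanned."""
    return "\n".join(p.get_content() for p in msg.walk()
                     if p.get_content_maintype() == "text")


def find_phi(text):
    """Return the names of the PHI detectors that matched."""
    hits = []
    if SSN.search(text):
        hits.append("ssn")
    if MRN.search(text):
        hits.append("mrn")
    return hits


def outbound_decision(msg):
    """Return (action, phi_hits) for one outbound message."""
    subject = str(msg.get("Subject", ""))
    hits = find_phi(subject + "\n" + body_text(msg))
    if SECURE_TAG.search(subject):
        return "encrypt", hits                  # sender opted in to encryption
    if hits:
        return "notify_policy_violation", hits  # PHI found without the keyword
    return "deliver", hits


def make(subject, body):
    """Build a constructed sample message (all values are made up)."""
    m = EmailMessage()
    m["Subject"] = subject
    m.set_content(body)
    return m


if __name__ == "__main__":
    for s, b in [("Secure: lab results", "MRN: 00482913"),
                 ("Re: insecurely sent?", "Patient SSN 123-45-6789"),
                 ("Lunch", "See you at noon")]:
        print(s, "->", outbound_decision(make(s, b)))
```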
Texas Health Resources serves a geographic area of north Texas larger than the state of Maryland. The system includes 25 hospitals (17 of which are acute care), more than 21,100 employees, 5,500 physicians with staff privileges, and 3,800 licensed hospital beds. "We have pretty good service management processes in place where they interact with our overall set of IT processes to resolve those issues, and we try to resolve them pretty quickly so escalation works, but you've got to have a structure around it. DLP can't exist in a vacuum. It's got to integrate real cleanly into your overall IT service management practices."
Don't let technology dictate your goals, Mehring says. "I can't imagine a single shortcut when it comes to DLP," he says. "It's a tough solution. You've got to have the dedicated staff for it. You've got to have the talent, and you've got to have the support."
Smaller organizations can take fewer steps, he says. "Encrypt everything," he says. "Make sure users know not to keep data on devices."
Mehring also challenges the coalescence of DLP standards around vendor-specific solutions. "My challenge to vendors is, 'Why are you making me do that?' " he says. "When vendors do that to us they put us in a box, and it's not appropriate."
Transport-layer security standards, which are emerging now, offer a vendor-independent solution. "How do I get a transaction from Point A to Point B in a secure manner, and how do I ensure it's going to the right person?" Mehring asks.