DLP Strategies for Securing Healthcare Data
A broad theme among DLP users is to get staff to think before they share. For instance, at Texas Health Resources, providers are advised to include the word "secure" in the email subject line, and that email will be encrypted and sent securely, says Chief Security Officer Ron Mehring.
If they don't put that word in the subject line, and the DLP technology detects PHI in the message, the provider is notified that he or she has violated the policy, Mehring says. "They now have to interact with the privacy and security offices to resolve that issue, and now that becomes somewhat of a distraction for them," he says.
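The subject-line rule described above can be expressed as a small outbound-mail policy check. This is an added example, not Texas Health Resources' or any vendor's implementation: the PHI patterns, the function names and the returned action labels are assumptions made for illustration, and the sample messages are constructed.

```python
import re
from email.message import EmailMessage

# Assumed trigger: the whole word "secure" in the subject, case-insensitive,
# so "insecure" does not count as opting in to encryption.
SECURE_TAG = re.compile(r"\bsecure\b", re.IGNORECASE)

# Constructed PHI detectors; a production DLP engine uses far richer ones.
PHI_PATTERNS = {
    "ssn": re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),
    "mrn": re.compile(r"\bMRN[:#]?\s*\d{6,10}\b", re.IGNORECASE),
    "dob": re.compile(r"\b(?:DOB|date of birth)[:\s]+\d{1,2}/\d{1,2}/\d{4}\b",
                      re.IGNORECASE),
}

def find_phi(msg):
    """Return sorted names of detectors matching the subject or plain-text body.
    Attachments are not inspected in this sketch."""
    body = msg.get_body(preferencelist=("plain",))
    text = (msg["Subject"] or "") + "\n" + (body.get_content() if body else "")
    return sorted(name for name, rx in PHI_PATTERNS.items() if rx.search(text))

def evaluate(msg):
    """Decide how the gateway treats one outbound message."""
    hits = find_phi(msg)
    if SECURE_TAG.search(msg["Subject"] or ""):
        # Sender opted in: encrypt regardless of what the content scan finds.
        return {"action": "encrypt", "phi": hits, "notify_sender": False}
    if hits:
        # Untagged PHI: policy violation; the sender is notified and the case
        # goes to the privacy and security offices. Whether the message is
        # held or delivered is not stated in the article.
        return {"action": "violation", "phi": hits, "notify_sender": True}
    return {"action": "deliver", "phi": [], "notify_sender": False}

def make_msg(subject, body):
    """Build a constructed test message."""
    msg = EmailMessage()
    msg["Subject"] = subject
    msg.set_content(body)
    return msg

if __name__ == "__main__":
    phi_body = "Patient MRN 00123456, DOB: 4/12/1961"
    for subject in ("SECURE: lab results", "lab results"):
        print(subject, "->", evaluate(make_msg(subject, phi_body)))
```

Checking the tag before the content scan result keeps the sender's explicit choice authoritative, while the scan still records what was found for audit.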
Texas Health Resources serves a geographic area of north Texas larger than the state of Maryland. The system includes 25 hospitals (17 of which are acute care), more than 21,100 employees, 5,500 physicians with staff privileges, and 3,800 licensed hospital beds. "We have pretty good service management processes in place where they interact with our overall set of IT processes to resolve those issues, and we try to resolve them pretty quickly so escalation works, but you've got to have a structure around it. DLP can't exist in a vacuum. It's got to integrate real cleanly into your overall IT service management practices."
Don't let technology dictate your goals, Mehring says. "I can't imagine a single shortcut when it comes to DLP," he says. "It's a tough solution. You've got to have the dedicated staff for it. You've got to have the talent, and you've got to have the support."
Smaller organizations can take fewer steps, he says. "Encrypt everything," he says. "Make sure users know not to keep data on devices."
Mehring also challenges the coalescence of DLP standards around vendor-specific solutions. "My challenge to vendors is, 'Why are you making me do that?' " he says. "When vendors do that to us they put us in a box, and it's
One vendor-independent approach is transport-layer security standards, which are emerging now. "How do I get a transaction from Point A to Point B in a secure manner, and how do I ensure it's going to the right person?" Mehring asks.