Thursday, March 03, 2011

Healthcare provider prescribes major data-loss prevention program

Saint Barnabas Health Care System to set up data-loss prevention system to enforce content-control restrictions on over 10,000 laptops, tablets and desktop PCs

By Ellen Messmer

New Jersey's single largest healthcare provider, Saint Barnabas Health Care System, is rolling out a major data-loss prevention (DLP) initiative that will enforce new content-control restrictions on over 10,000 laptops, tablets and desktop PCs used by its medical staff.

Like all hospitals, Saint Barnabas, which has six main healthcare locations in the state, must abide by state and federal privacy-protection rules, such as HIPAA and the HITECH Act, to protect sensitive patient personal health information or face possible penalties. However, the Saint Barnabas effort, which will put Symantec's DLP host-based software on over 10,000 devices, is intended not to make it harder for physicians and support staff to share information, but easier, because the DLP software will recognize what's sensitive and what's not.

"The agent on every desktop and laptop enables policies on what type of data they collect or what they e-mail," says Hussein Syed, director of information-technology security at Saint Barnabas Health Care System, about the host-based DLP software.

On its computers, Saint Barnabas has long made use of self-encrypting hard drives supported by Wave Systems. Current policies require hospital data taken from hospital computers to be encrypted, such as with encryption-capable USB drives. But with DLP deployed, Syed anticipates there will be more flexibility for medical staff because the DLP on the endpoints will recognize what's patient-health information data vs. what's "just a medical document," he points out.

The DLP project is getting underway in the next few weeks, and there are concerns. There's the need to make sure that the thousands of physicians and staff who will see the effects of DLP's blocking and warnings understand what needs to be done. Physicians are being kept up to date on the project and so far are largely supportive, Syed says. But now that it's going into deployment, it will be a matter of making sure DLP works right for all, especially since false positives can occur. "Sometimes there are false positives, so we're working with IT staff to slowly roll it in," he says.
