Hospital Secures Data and Achieves HIPAA Compliance

CASE STUDY
Hospital Secures Data and Achieves
HIPAA Compliance with Accuvant
CLIENT’S CHALLENGE
A large hospital is responsible for thousands of sensitive patient
records. With this responsibility comes a strict Health Insurance
Portability and Accountability Act (HIPAA) requirement to keep
the data secure. The hospital was faced with the task of reviewing
current HIPAA controls in its environment, as well as data handling
relating to its Electronic Medical Records (EMR) system.
This task involved focusing on a limited set of controls from the
HIPAA Privacy and Security Rules, and the data handling associated
with the patient health information that is held in the EMR. To better
understand how information moves in and out of the EMR, the
organization needed help with the creation of a data flow diagram.
The hospital realized that a trusted partner would best be able to
understand these requirements and secure its network.
ACCUVANT’S SOLUTION
The large hospital selected Accuvant because of Accuvant’s years
of field experience and knowledge of industry best practices.
Accuvant’s team started the project by meeting with the client to
understand project goals. This included creating a data flow diagram,
determining the current data handling practices around the hospital’s
EMR and reviewing the EMR against requirements of HIPAA Privacy
and Security Rules in relation to access control and data handling.
for information security of the EMR to ensure current policies
and processes were in-line with the required elements of HIPAA
standards, and there was consistency in policy and information
across the organization. After gathering all necessary information,
Accuvant consultants were able to analyze the current state of the
environment for security and compliancy.
Accuvant gathered as much information as possible through the
client’s network diagrams and documentation of the current HIPAA
environment and associated practices. To help set a baseline for
later analysis, Accuvant pulled information from certain topics
in the HIPAA Security Rule, including current administrative
safeguards, physical safeguards and current policies, procedures and
documentation.
Next, Accuvant conducted interviews with the staff responsible
Planning and Risk
Management
Policies and
Procedures
Compliance
Management
Team
Development
Situational
Awareness
Planning and Management
Testing and
Assessment
Incident
Response
Monitoring and Operations
Business
Accuvant has developed a Security
Security Strategy
Success Matrix to help organizations
create a holistic approach to address
Technology
Threats and Intelligence
their problems as part of an overall
information security program.
Defenses and Controls
System
Network
Endpoint
Application
Data
User
Emerging
BUSINESS IMPACT
It is important to meet the HIPAA standards, but organizations should also be aware of
how patient information is being used, and who is accessing it, allowing the organization
to maintain full control of sensitive records.
Accuvant helped this client learn exactly how safe its sensitive patient information
was, including where it is sent, how it is accessed and who is accessing it. Having
this thorough understanding of the state of patient privacy within its hospital, the
organization achieved full visibility into exactly how data flows through its Electronic
Records System. Along with recommendations to improve the security of its
information, Accuvant helped this large hospital achieve HIPAA compliance.
SOLUTION OVERVIEW
Organization Size: Nearly 3,000
employees
Organization Industry: Healthcare
Organization Profile: Hospital
Challenge: Review current HIPAA controls
and data handling around the EMR system,
and complete a data flow diagram relating
to information flow for the EMR system.
Accuvant Services Provided
• HIPAA EMR System Review
•Data Flow Mapping
Results
•Secured View into How Patient Data is
Accessed
•Identified Areas for Security Improvement
•Achieved HIPAA Compliance
Accuvant, a Blackstone (NYSE: BX) portfolio company, is the leading provider of information
security services and solutions serving enterprise-class organizations across North America.
The company offers a full suite of service capabilities to help businesses, governments and
educational institutions define their security strategies, identify and remediate threats and
risks, select and deploy the right technology, and achieve operational readiness to protect their
organizations from malicious attack. Founded in 2002, Accuvant has been named to the Inc.
500|5000 list of fastest growing companies for the last eight consecutive years. The company
is headquartered in Denver, Colo., with offices across the United States and Canada. Further
information is available at www.accuvant.com.
© 2015 Accuvant, Inc. All Rights Reserved. “Accuvant” is a registered trademark of Accuvant, Inc.
1.15 | F1
1125 17th Street Suite 1700 | Denver, CO 80202
800.574.0896
www.accuvant.com