Friday, March 11, 2011

Healthcare Provider Prescribes Major Data-Loss Prevention Program

New Jersey's single largest healthcare provider, Saint Barnabas Health
Care System, is rolling out a major data-loss prevention (DLP)
initiative that will enforce new content-control restrictions on over
10,000 laptops, tablets and desktop PCs used by its medical staff.

March 02, 2011 — Network World — New Jersey's single largest
healthcare provider, Saint Barnabas Health Care System, is rolling out
a major data-loss prevention (DLP) initiative that will enforce new
content-control restrictions on over 10,000 laptops, tablets and
desktop PCs used by its medical staff.

More on data loss efforts: Data-loss prevention comes of age

Like all hospitals, Saint Barnabas, which has six main healthcare
locations in the state, must abide by state and federal
privacy-protection rules, such as HIPAA and the HITECH Act, to protect
sensitive patient personal health information or face possible
penalties. However, the Saint Barnabas effort, which will put
Symantec's DLP host-based software on over 10,000 devices, is intended
not to make it harder for physicians and support staff to share
information, but easier, because the DLP software will recognize
what's sensitive and what's not.

"The agent on every desktop and laptop enables policies on what type
of data they collect or what they e-mail," says Hussein Syed, director
of information-technology security at Saint Barnabas Health Care
System about the host-based DLP software.

On its computers, Saint Barnabas has long made use of self-encrypting
hard drives supported by Wave Systems. Current policies require
hospital data taken from hospital computers to be encrypted, such as
with encryption-capable USB drives. But with DLP deployed, Syed
anticipates there will be more flexibility for medical staff because
the DLP on the endpoints will recognize what's patient-health
information data vs. what's "just a medical document," he points out.

The DLP project is getting underway in the next few weeks, and there
are concerns. There's the need to make sure that the thousands of
physicians and staff who will see the effects of DLP's blocking and
warnings, and understand what needs to be done. Physicians are being
kept up to date on the project and so far are largely supportive, Syed
says. But now that it's going into deployment, it will be a matter of
making sure DLP works right for all, especially as the problem of
false positives can occur. "Sometimes there are false positives, so
we're working with IT staff to slowly roll it in," he says.

No comments:

Post a Comment