There is little doubt that the HITECH Act raises the stakes for
security breaches. Along with the new requirements around
managing Protected Health Information (PHI), there are
mandatory penalties with fines ranging from $25,000 to as much
as $1.5 million. If your facility is
looking at ARRA money, you must mitigate exposure risks. Healthcare
facilities utilizing the IBM iSeries (AS400) running ADT
systems that provide green screen access or running Clinical
systems that access data stored on the iSeries are probably
not in compliance unless they have installed security products
like THOR Secure.
THOR Secure provides hospitals with
the tool necessary to eliminate unauthorized access through these
security holes. Additionally, it provides alerts and audit
trails for data access. Based on a rules engine, THOR Secure can restrict access by user ID, by IP address, or at the object level.
THOR Secure runs natively on your IBM
iSeries (AS400). THOR
Secure can help your facility with HIPAA and HITECH
compliance. Just one security breach will not only result in a
significant penalty or possible litigation, but will also
damage the reputation of the healthcare facility.
Holes in your security
Healthcare facilities utilizing the IBM iSeries (AS400) and running ADT or Clinical systems may have the following exposures:
FTP
Facilities often use FTP to transfer data from one system to
another. Any of your users can use FTP to easily and virtually
undetectably transfer your confidential patient data to a USB
drive and remove it from your facility. Users could also
replace patient data using FTP. Users can access FTP from a
command prompt on their PC or can download any number of free
FTP tools from the internet that will simplify the task of
removing patient data.
ODBC / JDBC / OLE
If your facility is utilizing a Clinical system that runs in a
web browser, you have another exposure that must be protected
against. Users not only have access to capture patient data on
removable devices like USB drives, but can also update patient
data leaving little or no audit trail. Facilities can still
have this exposure even without a Clinical system, and users
can access confidential information using such common programs
as Microsoft Excel and Crystal Reports.
Client Access Data Transfer
If your users use the IBM 5250 Emulator they most likely have
access to transfer confidential patient information from your
iSeries (AS400). This capability is built into the IBM
Emulator and leaves little or no audit trail.