THOR Systems - Your Bed Board Experts Your Bed Board Experts
  3223 South Cherokee Lane
  Suite 1510
  Woodstock, Georgia 30188
  770-592-THOR (8467)

THOR Secure
There is little doubt that the HITECH Act raises the stakes for security breaches. Along with the new requirements around managing Protected Health Information (PHI) there are mandatory penalties with fines ranging from $25,000 to as much as $1.5 million. If your facility is looking at ARRA money you must mitigate exposure risks. Healthcare facilities utilizing the IBM iSeries (AS400) running ADT systems that provide green screen access or running Clinical systems that access data stored on the iSeries are probably not in compliance unless they have installed security products like THOR Secure.

THOR Secure provides hospitals with the tool necessary to eliminate unauthorized access to these security holes. Additionally, it provides alerts and audit trails to data access. Based on a rules engine THOR Secure can restrict access by user id, by IP address, or at the object level. THOR Secure runs natively on your IBM iSeries (AS400) THOR Secure can help your facility with HIPAA and HITECH compliance. Just one security breach will not only result in a significant penalty or possible litigation, but will also damage the reputation of the healthcare facility.

Holes in your security
Healthcare facilities utilizing the IBM iSeries (AS400) and running ADT or Clinical systems may have the following exposures:

FTP
Facilities often use FTP to transfer data from one system to another. Any of your users can use FTP to easily and virtually undetectably transfer your confidential patient data to a USB drive and remove it from your facility. Users could also replace patient data using FTP. Users can access FTP from a command prompt on their PC or can download any number of free FTP tools from the internet that will simplify the task of removing patient data.

ODBC / JDBC / OLE
If your facility is utilizing a Clinical system that runs in a web browser, you have another exposure that must be protected against. Users not only have access to capture patient data on removable devices like USB drives, but can also update patient data leaving little or no audit trails. Facilities can still have this exposure even without a Clinical system.and users can access confidential information using such common programs as Microsoft Excel and Crystal Reports.

Client Acess Data Transfer
If your users use the IBM 5250 Emulator they most likely have access to transfer confidential patient information from your iSeries (AS400). This capability is built into the IBM Emulator and leaves little or no audit trail.

Any questions or comments about this site, contact webmaster@THORinc.com.
Copyright 2003-2010 THOR Systems, Inc.