As a result of the increasingly sensitive data handled by the healthcare industry, regulatory requirements have been implemented to help increase the security of healthcare providers and associates as well as the data they protect. HIPAA and HITECH set up standards around protecting PHI.
Healthcare organizations also find themselves responsible for complying with the Payment Card Industry Data Security Standard (PCI DSS). PCI DSS provides broad requirements for securing personal non-public information used on digital technology in retail systems.
Towards a Secure Healthcare Architecture
All the challenges mentioned above require disparate functionality. Healthcare service providers need to evaluate their security needs at each of the following levels:
- Management Level
Given the widely distributed nature of modern healthcare establishments, the ability to quickly modify and manage security appliances is essential.
- Aggregation Level
The aggregation level is the destination for all data. Typically this is the hospital datacenter. Core security functions such as firewalling, application control and VPN termination take place at this level.
- Business Associate Level
The individual clinic, lab, doctor's office, or any business associate requires security and connectivity for a wide variety of functions including WiFi, voice, and traditional network connectivity. With the addition of consumer connectivity, each associate must also be able to provide security functions such as antimalware and application control.
- Access Level
As healthcare organizations extend access to providers using tablets and to patients using mobile devices, ensuring secure access is critical.
The entire healthcare industry is undergoing a dramatic shift designed to enhance the level of care provided to patients. The sensitivity of patient information has created the need for end-to-end security solutions throughout the entire healthcare network - from doctor's offices all the way to the hospital datacenter.
Healthcare providers can no longer afford to take security lightly. Only with security as the foundation can healthcare organizations build IT services and applications that meet the requirements of the business and healthcare mandates.