SOLUTION BRIEF SEPTEMBER 2014. Healthcare Security Solutions: Protecting your Organization, Patients, and Information




94% of healthcare organizations have had at least one data breach in the past two years.

45% report having more than five incidents.

The average economic cost of a data breach for healthcare organizations is $2.4M, reflecting increased impact over previous studies.

Insider negligence or misuse continues to be the primary cause of data breaches.

SOLUTION BRIEF: SECURITY SOLUTIONS ca.com

Security Challenges For Healthcare Organizations

Healthcare organizations today are faced with a range of challenges. These are made more difficult by the increased mobility of their user population, as well as the continued adoption of cloud applications. While these trends present opportunities, they also greatly increase the difficulty of ensuring security across key applications and data. The most critical challenges healthcare organizations face today include:

Security and privacy of PHI: As Meaningful Use incentives drive healthcare providers to increase their reliance on electronic data, there is an urgent need to adequately secure and protect information. In addition, HITECH legislation enhances HIPAA privacy and security rules, mandating costly penalties for data breaches, and includes new Protected Health Information (PHI) disclosure regulations. Security breaches can have a negative effect on the organization's brand and credibility, usually resulting in reduced patient revenue. The in-depth survey results on this page highlight the continuing financial and reputational impact of healthcare security breaches, as well as their increased occurrence and complexity.

Compliance: HIPAA/HITECH have very specific demands for security controls in order to protect PHI from disclosure. The HIPAA Omnibus Rule further extends some of these requirements to business associates who process or transmit PHI. Compliance with these requirements has become more complex, but no less mandatory.

Agility: Healthcare organizations must be able to quickly deploy new applications to their user populations, in order to respond quickly to market events. The rise of mobility has made a common security approach across both Web and mobile apps a strong requirement.

User convenience: Doctors and nurses often have very short interactions with apps as they move around the hospital floor. Easy and quick access to patient and treatment information is critical. In addition, they don't have time or patience for long or redundant login processes. The user experience they encounter should support efficient use of their time rather than hinder it.

Cost containment: As cost pressures mount, healthcare CIOs will need to take innovative approaches to reduce IT expenses, such as server and application consolidation, virtualization, sourcing and cloud computing models. Most importantly, automation of key identity-related processes (such as user provisioning and access certification) can help improve efficiencies and reduce costs.

Integration with leading healthcare applications: Most providers have deployed leading healthcare applications to manage their clinician and client information. Typically, these key applications include Cerner, Epic, and McKesson, among others. Since these applications generally manage an organization's critical information, automated provisioning of users to these systems, and governance of user access, is a requirement for any identity management platform.

Meeting User Needs

Healthcare organizations have a varied user population, each group of which has similar but different needs. This creates a difficult balancing act for healthcare IT security executives.

Healthcare executives

Healthcare executives need security capabilities that can help support and grow their business, enable its efficient operation, and protect the security and privacy of confidential health information. Specifically, they need to:

- Quickly roll out new services for their growing user population, across both Web and mobile.
- Provide physicians with the information they need to provide top-level care.
- Protect PHI from insider threat, misuse, disclosure, or external attacks.
- Enhance compliance with HIPAA and HITECH regulations.

Physicians

In order to provide high-quality patient care and reduce medical errors, physicians and their staff must be able to securely access, share, and update patient information and records. Providing physicians and their staff with role- and identity-based access to specific data and content will enhance the control and security of private information and allow physicians to securely collaborate with other physicians to solve complex clinical problems. Physicians need:

- Quick, secure, reliable, 24x7 access to patient information regardless of location or device
- Quick provisioning to the clinical apps that they need
- Quick and easy password changes
- Strong but convenient online authentication
- Role-based access control to prevent improper access
- Single sign-on across clinical apps

Patients

Patients need to trust that their PHI is securely transported across a healthcare organization, including Health Information Exchange (HIE), and that they or an authorized physician can securely access their health records anytime, anywhere. In addition, enabling patients to become more proactive in their own healthcare by ensuring their access to secure PHI allows both physicians and patients to take a more active role in managing their health, while improving patient/physician communication and the overall quality, accuracy and timeliness of the care provided. Patients need:

- Quick, easy access to personal health records and diagnosis information
- Mobile access to medical records
- Confidence and trust that their information is protected from unauthorized access and improper use

CA Technologies Security Solutions

Healthcare organizations need to enable their business for growth opportunities, but they also must protect their applications and health information from improper access, insider threat, and attack. They must also adopt emerging models such as cloud and support the increasing mobility of their users in order to improve their patient engagement and improve efficiencies.

CA Technologies Security Solutions can help healthcare organizations enable and protect their business, while leveraging key technologies such as cloud, mobile, and virtualization securely. This provides you, the healthcare security executive, with the agility that you need to respond quickly to an evolving healthcare and regulatory landscape.

CA Technologies Security Solutions are focused on helping you meet three critical healthcare imperatives:

Deploy secure new applications for your providers, healthcare partners, and patients. Organizations need to be able to roll out new services quickly, and securely, across both Web and mobile. CA Technologies enables you to centralize security policy enforcement, which helps to simplify management and reduce the development time for new apps. These solutions also help you improve user engagement by providing a convenient user experience through capabilities such as user onboarding through social identity registration, SSO across Web and mobile apps, and self-service processes to empower end users.

Secure your extended healthcare organization. Most healthcare organizations have many employees and partners that need to get access to apps and data spread around the distributed IT environment. These users are often highly geographically distributed, and almost always want to use their own devices for this access. CA Technologies Security Solutions enable your employees and partners to securely and more easily collaborate and share medical and patient information to help ensure more effective treatment. In addition, these solutions provide true employee lifecycle management, from hiring to termination. Automated access provisioning enables quick employee on-boarding, and access certification helps to reduce over-privileged users and reduce administrative time spent in validating users' access rights. Automation of these processes can also simplify your compliance audits and help increase accountability.

Protect your confidential healthcare information from insider threat and attacks. Today's healthcare organizations must defend against significant threats to their infrastructure and data from both within and outside the network perimeter. Insiders, and especially administrators, pose a significant risk due to the damage they can cause through malicious or inadvertent actions. In addition, external attacks are increasing in sophistication and frequency. CA Technologies Security Solutions enable your organization to implement defense in depth, in which controls at multiple levels help protect against unauthorized access to PHI and improper use of that information. Privileged identity management, data controls, identity management and governance, and advanced authentication are areas that have traditionally been looked at in silos, but may now be combined to enable organizations to secure their IT infrastructure from both internal and external threats.

Figure A. CA Technologies provides a comprehensive, integrated set of security solutions to enable healthcare organizations to both enable and protect their business, and support the needs of providers, clients, and healthcare executives.

[Figure A diagram labels: CA Technologies Security Solutions; users: Patients, Healthcare Execs, Doctors and Medical Staff; solutions: Single Sign-On, Advanced Authentication, Privileged Identity Management, CA Secure Cloud IAM-as-a-Service, API Management & Security, Identity Management & Governance, Data Protection; targets: On-premises Apps, Cloud Apps]

Identity Management and Governance

It is critical that all clinicians be assigned the proper role(s) for their function within the organization, and that they have only the proper access rights for that role. Therefore, ensuring that all users and roles comply with defined policy helps to protect critical electronic health and personal records from improper use. Identity Management and Governance solutions from CA Technologies help you ensure role compliance through automated identity governance processes. These capabilities include entitlements certification, role management and privilege cleanup, all of which help to ensure that each user has only the proper access rights relevant to their role in the healthcare organization. By implementing role compliance, costs can be reduced, while providing users with better service and reducing security exposure. In addition, a user-friendly business app enables users and managers to request, grant, and certify access very easily and in business terms, which greatly simplifies the process.

Web Single Sign-On (SSO) and Access Management

Clinicians need quick access to critical data from different devices as they move through their day. Web single sign-on streamlines the log-on processes with one sign-on sequence for fast access to patient data in multiple authorized applications and databases. Centralized Web access management also helps eliminate security silos, thereby simplifying and reducing the costs of security administration, as well as reducing the risk of improper access to patient clinical information.

Advanced Authentication

Because clinicians often need very quick access to information from various devices, a convenient authentication capability is critical. But the threat of improper access is very real, so strong authentication of users is important to protect sensitive data. CA Advanced Authentication provides strong, risk-based authentication so that the full context of a login attempt is used to determine a risk score, which in turn can be used to force stronger authentication methods or rejection of the attempt. This flexible, strong authentication capability is critical for healthcare providers to protect PHI, achieve compliance, and avoid the potential reputational impacts of breaches of patient records.

Privileged Identity Management

One of the most important areas of IT risk for healthcare organizations relates to privileged users (IT and security administrators). Whether inadvertent or malicious, improper actions by privileged users can have disastrous effects on the overall security and privacy of confidential information. Therefore, it is essential that admins be allowed to perform only those actions that they are authorized for, and only on the appropriate assets. Privileged Identity Management solutions from CA Technologies provide fine-grained control of what your healthcare IT admins can do, and help ensure that all their actions are tracked for increased accountability. In addition, the use of shared admin accounts (such as "root") can be eliminated through the use of single-use passwords, further improving security and reducing the pain of your HIPAA compliance audits.

Data Protection

Even though some healthcare workers may have a valid need to access certain PHI, their use of that information should be monitored and controlled. For example, in most cases a patient's PHI should not be able to be transferred to a USB device, or emailed outside the organization. Data Protection solutions from CA Technologies detect and prevent unauthorized use of confidential healthcare data and provide a spectrum of remediation actions so that effective enforcement of information use policies can be achieved. This capability is designed to protect and control data-in-motion on the network and in the messaging system, data-in-use at the endpoint, and data-at-rest on servers and in repositories across the enterprise. It is an effective deterrent to the improper use of confidential patient information.

API Management & Security

The healthcare industry, like other verticals, has business-to-business (B2B) and business-to-consumer (B2C) components. These areas both require secure access to application APIs in order to provide the necessary level of services to clinicians, partners, and clients. Secure exposure of APIs requires best practices in security and threat protection, including encryption, virtualization and guarding against exploits such as SQL injection and Denial of Service (DoS) attacks, among others.

Access to the information provided by APIs mandates two critical capabilities: authentication and authorization. Authentication helps ensure that the requesting party is who they claim to be. Authorization helps ensure that the owner of the information has consented to their information being released, and that the requesting party has the proper role to access it. This is managed by several means including, but not limited to, username/password, certificates or token-based authentication such as SAML or OAuth. In many cases, such as mobile applications, the authenticating entity is the application itself. For authentication in the B2B scenario, authorization is usually managed via database information recording previous consent on the part of the patient; for B2C cases, however, the consent is often real-time interactive approval by the patient to allow the application to access their data. CA API management provides for all of these services in a unified, single point of configuration solution.

81% of organizations allow employees to use their own personal devices to access PHI.

Identity Management as-a-service

Healthcare organizations have the same demands for efficiency that are driving cloud adoption in other industries, maybe more so. As a result, the ability to seamlessly connect securely to cloud applications, and to adopt identity management as-a-service, is a strong driver for most organizations. CA Technologies delivers a set of robust Identity and Access Management capabilities as hosted, cloud services. These services are based on CA Technologies' existing portfolio of market-leading IAM security solutions. In addition, the CA Secure Cloud service infrastructure is hosted, monitored and supported by CA Technologies 24x7x365. These solutions provide very high flexibility to healthcare organizations in their identity management deployment options, supporting on-premises, hybrid, and cloud deployment.

Benefits to Healthcare Organizations

CA Technologies can help your healthcare organization secure information and applications, as well as deliver new applications and services more quickly to your providers, payers, patients, and partners. These applications can provide a personalized and positive user experience, thereby strengthening users' satisfaction and helping you meet your organizational mission and goals. Additionally, CA Technologies enables safe access to your on-premises and cloud applications by extending security to the cloud. Our robust on-premises security solutions protect access to applications whether on-premises or in the cloud. This combination of on-premises and cloud-based security services helps you protect your applications today, and migrate to cloud applications at your pace.

Reduce risks and prevent security breaches. CA Technologies helps make certain that your critical electronic healthcare resources are protected, as well as helping to ensure that only properly authorized users and patients can access them, and only in approved ways. It allows security events to be logged and analyzed quickly to identify and remediate potential security, fraud and compliance issues, including improper disclosure or use of sensitive medical and/or patient information.

Deploy new applications more quickly and securely across Web and mobile. Supporting the access needs of your mobile clinicians and patients is an IT imperative for healthcare organizations. But developing different security models in Web and mobile apps delays the deployment of both types of apps. CA Technologies Security Solutions enable organizations to more easily and quickly bring out new services, and simplify the security of both mobile and Web apps through a common, consistent security model for both access methods.

Improve regulatory compliance. Your healthcare organization will have the tools necessary to support continuous compliance with HIPAA/HITECH and other federal and state regulations. With automated and centrally managed security capabilities, along with extensive auditing, your healthcare compliance efforts can become much simpler because you can more easily prove and validate the effective operation of your established security controls.

Reduce administrative expense and improve efficiency. Automation of security administrative processes, especially those related to managing the identities and access rights of practitioners, patients and support staff, can enable significant operational efficiencies, reducing your overall IT costs. Automation can also help to improve user and management productivity, since less time has to be spent working with manual processes.

The CA Technologies Advantage

CA Technologies has been a leader in IT management for over 30 years with hundreds of healthcare customers globally in payer, provider and pharmaceutical segments. Security Solutions from CA Technologies deliver enhanced protection for your organization, information, and patients by controlling user identities, access, and usage of vital health and medical information. This important capability increases your overall security, and helps prevent inappropriate breaches and use of your Personal Health Record (PHR) and Health Information Systems (HIS) data. And our ability to support a wide variety of platforms (from distributed to mainframe) and deployment models (including cloud and virtualized environments) provides a consistent and secure platform across your healthcare IT environment, including emerging technologies.

CA Technologies Security Solutions are consistently ranked as leaders in all the major identity management market categories by leading industry analysts. In addition, the breadth and level of integration of these solutions enable our customers to deploy a unified, comprehensive identity and access management solution. With CA Technologies, you can confidently and proactively implement a secure environment to help protect sensitive information, avoid security breaches, improve patient confidence, and meet current and future compliance requirements.

Connect with CA Technologies at ca.com

CA Technologies (NASDAQ: CA) creates software that fuels transformation for companies and enables them to seize the opportunities of the application economy. Software is at the heart of every business, in every industry. From planning to development to management and security, CA is working with companies worldwide to change the way we live, transact and communicate across mobile, private and public cloud, distributed and mainframe environments. Learn more at ca.com.

Copyright 2014 CA. All rights reserved. All trademarks, trade names, service marks and logos referenced herein belong to their respective companies. This document is for your informational purposes only. CA assumes no responsibility for the accuracy or completeness of the information. To the extent permitted by applicable law, CA provides this document "as is" without warranty of any kind, including, without limitation, any implied warranties of merchantability, fitness for a particular purpose, or noninfringement. In no event will CA be liable for any loss or damage, direct or indirect, from the use of this document, including, without limitation, lost profits, business interruption, goodwill, or lost data, even if CA is expressly advised in advance of the possibility of such damages. CS200-91947_1014