Now, more than ever, healthcare organizations need to ensure that their security operations and strategy are both highly efficient and effective to avoid financial impacts and damage to reputation.
While intended to improve the healthcare experience, the evolution of medical technology has lacked a strong enough security posture, which contributes to the industry’s label of having the highest per-record data breach cost among all regulated industries.
To complicate matters further, innovation needs to happen while protecting patient privacy, safety and personal health information (PHI), as well as staying compliant with regulatory requirements (HIPAA and FDA) and best practices (HIMSS and AHIMA).
That was the question facing a global $28B, Fortune 200 medical therapeutic technology innovator helping transform the treatment options for over 7 million patients annually. This innovator initially worked with CSS to identify a secure way to enable the emerging BYOD trend in their enterprise workforce, as well as to ensure the satisfaction of their users. Their next business challenge was how to exceed new HIPAA data security requirements to protect PHI across all the wireless connection and human access points designed to remotely adjust a patient’s pacemaker.
The innovator built a device that sits on a patient’s bed stand while they sleep, talks to their pacemaker, and collects biometric information about how their body is performing. As the device collects that information, it is aggregated and sits on the device until morning, when the device transmits the data to the hospital data center. The data center then analyzes the biometrics in relation to the pacemaker and routes information to the nurses' station to give the nurse a report on how the patient’s pacemaker is performing.
If the nurse identifies an anomaly in the biometric data, the doctor is alerted at home to review the information, which he can do from an iPad. If the doctor decides to make a pacemaker adjustment, the setting changes can be authorized and transmitted to the firmware for that individual patient’s pacemaker – all without the doctor ever leaving the house.
CSS helped secure the entire chain of data communication by assisting this client with the implementation of a strong PKI environment to issue trusted digital certificates used to confirm digital identity, encrypt data and authorize remote actions. The first problems solved were related to verifying the identities of people and devices. Ways were needed to confirm that the pacemaker providing the biometric data was indeed the pacemaker on the patient’s bed stand, and to verify that the biometric data was indeed that patient’s data. Next, CSS helped them implement security tools to encrypt the data, addressing the challenge of protecting data in motion and at rest across multiple access points and networks. Then, CSS helped implement a code signing solution to ensure it was the doctor authorizing the pacemaker changes. Finally, this innovator needed an efficient way to monitor and manage thousands of digital certificates, and chose to implement the CMS software to prevent outages, interception of information and unauthorized access.
Healthcare security is no longer just about protecting access to internal servers and applications. Today, there is a heightened need to protect sensitive patient personal, financial and health data. Equally paramount is protecting the safety of patients who rely on diagnostic or therapeutic technologies that transmit or store data, especially wearable and implanted devices with remote monitoring or controlling capabilities.
CSS software and services enable clients to: