Healthcare Data Loss Prevention

Protect patients’ sensitive data and stay compliant with HIPAA / HITECH rules and regulations.

Award-winning Data Loss Prevention
Cross-platform DLP solution for mixed networks
Meet compliance with industry laws and regulations

Subject to what are probably the strictest regulations, the healthcare industry is challenged to implement increased security measures to face current threats. Quick access to patients’ medical records is essential in today’s medical practice, which means keeping data in an electronic format. Ensuring that sensitive information is secure and can only be accessed on a “need to know” basis is mandatory. Therefore, a Data Loss Prevention solution is a must for healthcare organizations.

Preventing a healthcare data breach or exposure of protected health information (PHI) is not easy, and failure to protect confidential patient data can result in fines amounting to millions of dollars. Some of the best-known cases include institutions like Departments of Health and Social Services, Medical Universities, Insurance Companies and General Hospitals. So whether you are an IT security professional or the IT Manager of a hospital, medical university, health clinic, insurance company or any other third-party organization involved in the industry, a Data Loss Prevention solution must be on your checklist.

Depending on your geographical location, some of the most important regulations that affect your organization are:

  • Health Insurance Portability and Accountability Act (HIPAA)
  • Health Information Technology for Economic and Clinical Health Act (HITECH)
  • European Union Data Protection Directive (EUDPD)
  • The UK Data Protection Act
  • Japan’s Personal Information Protection Act
  • Korea’s Personal Information Protection Act

HIPAA / HITECH Compliance

The Health Insurance Portability and Accountability Act (HIPAA) is a set of standards created to safeguard protected health information (PHI) by regulating healthcare providers. HIPAA was created in 1996 by the US Congress but it took the creation of a new act called HITECH (The Health Information Technology for Economic and Clinical Health Act) to ensure its effectiveness, starting from February 2010.

With respect to audits, some requirements may be subject to interpretation, but from an IT department's point of view, compliance means setting up processes and controls that ensure the security and integrity of PHI.

The requirements are marked as either Required “R” or Addressable “A”. For the latter, the item must either be completely implemented or the reason why it was not implemented must be documented.

As HIPAA / HITECH compliance also relates to aspects like employee training, physical access to the facilities (keys, access cards, tokens), and data backup and disposal, Data Loss Prevention and Mobile Device Management solutions alone cannot ensure compliance.

Case study

Spectrum of Hope protects patients and improves data security and compliance with Endpoint Protector by CoSoSys

Spectrum of Hope is Houston, Texas' leading Health and Behavior Intervention and Applied Behavior Analysis treatment center for individuals with autism and developmental delays. It provides life-span services and support to people of all ages affected by autism and other disorders, to help them realize their potential so that they can participate in their families and communities.

The Challenge

Secure patient and financial data from leakage, loss and transfer

The Solution

Spectrum of Hope looked at MyDLP first but concluded that the Endpoint Protector solution from CoSoSys best met its needs. Endpoint Protector offers both security and operational efficiencies. "We like its easy management, reporting and file shadowing features, and how closely it monitors data transfers and simplifies compliance," says McCown.
“It also has the best reporting system I've seen; it doesn't give extraneous information or random numbers, but understandable timestamps showing who did what and when.” Endpoint Protector gives McCown the audit capabilities he needs for specific management requests. "Endpoint Protector 4 tracks and reports everything, which is more efficient than looking through Windows and import logs," says McCown.
Endpoint Protector includes Content Aware Protection, which McCown uses to get granular advanced control over which data can go out of the organization through various applications like Skype, Outlook, Dropbox, and others – without interfering with user productivity.

The deployment was fast and intuitive with Endpoint Protector's user-friendly interface. “CoSoSys customer service is highly responsive, which reassures me that Endpoint Protector 4 is the right solution for us,” says McCown.

Why Endpoint Protector?

  • Monitors data and file transfers (through E-Mail, USB, Skype, Outlook, Google Drive, etc.)
  • Streamlines compliance
  • Blocks unauthorized file transfers
  • Intuitive and user-friendly interface

Endpoint Protector 4 adds a strong layer of data security. It is heavily relied upon for keeping our data intact and secure, and works well within our current security plan. In addition, CoSoSys customer service is excellent.

Josh McCown

IT Director