Kurt Hagerman gave a presentation on the HealthData Repository™ and how it addresses key challenges for healthcare organizations. It provides security through multi-layered defenses that meet regulatory requirements. It simplifies compliance through a HITRUST certified infrastructure. It ensures constant high performance and scalability of resources through proprietary technology. It also offers 24/7 support and business continuity through fully redundant infrastructure that can be configured to meet any uptime needs.
2. Today’s Speaker
HealthData Repository™ Deconstructed
Kurt Hagerman
Chief Information
Security Officer
Kurt Hagerman oversees all compliance
related and security initiatives. He is
responsible for leading FireHost in
attaining ISO,
PCI, HIPAA and other certifications
which allow FireHost customers to more
easily achieve their own compliance
requirements. He regularly speaks and
writes on information security topics in
the payments and healthcare spaces,
as well as on cloud security.
3. Agenda
• Security & Compliance Challenges in Healthcare IT
• Principles & Approaches to Address Challenges
• Who Cares?
• What is The HealthData Repository™?
• Addressing:
• Security
• Compliance
• Performance
• Service
• Business Continuity
• Questions & Answers
4. Security & Compliance
Challenges in Healthcare IT
Business Continuity
& Disaster Readiness
Are vital for organizations
handling sensitive data
Security
Is critical as cyber
threats become
more sophisticated
Compliance
Is difficult & complex
Performance
Organizations need
peak performance and
24/7 data availability
Expert Service
Is required to manage
security to meet the
compliance requirements
5. Principles & Approaches
to Address Challenges
Security Zoning Data Isolation Lack of Security
Expertise
7. What is a HealthData Repository™?
8. Addressing Security
Solution: The HealthData Repository™
provides multi-layered security that meets
or exceeds enterprise best practices and
regulatory requirements.
Pain Point: Security is critical for cloud
environments – especially for any
organization that handles sensitive patient
or medical data.
• Defense in Depth
• Security Ecosystem
• Intelligent Security Model™
9. Addressing Compliance
Pain Point: Meeting HIPAA regulations is
difficult & complex.
• Lower costs, lighter impact on staff
• HITRUST certified infrastructure for
faster audits
• Reduced procedural
documentation and policies
• Helps customers de-risk
their own environment
• Restricted access to
sensitive data
Solution: Reduce compliance scope by
putting data in a vault to keep you protected
and auditor-ready.
10. Addressing Performance
Pain Point: Organizations need
24/7 access to healthcare data, and
frequently overbuy to ensure their
peak loads are handled.
Solution: The HealthData Repository™ scales
resources to meet high demand when you need
it, and save money when you don’t. Data always
remains available.
• Highest performing private
cloud infrastructure
• Scales to match your demands
• Proprietary FluidScale™
technology
11. Addressing Service
Pain Point: Difficulty juggling variety
of healthcare IT demands. Segment
resources to handle compliance and
security.
Solution: Allows companies to reduce compliance
and security efforts & focus
on core business functions instead.
• Simplified daily operations
• Limited liability and
activity from “everyday”
security incidents
• Supported 24x7x365 by
consultative
and proactive experts
12. Addressing Business Continuity
• Fully redundant and
highly available
Pain Point: Healthcare IT applications can’t
afford downtime – they must protect their
patients and data by maintaining business
continuity.
Solution: The HealthData Repository™ is
naturally highly redundant and can be adjusted to
match any level of local and geographic uptime
requirements.
• Can be configured to
meet your specific
business continuity
requirements
Neil: Hello there and thanks for joining us. Today we’ll be taking a close look at the HealthData Repository and talking about all of the ways it can help your organization remove your risk, simplify your compliance and boost your cloud performance. We’ll leave some time at the end to take your questions, and you can also submit questions during the webinar through the chat feature. To mute your phone, <instructions>.
Neil: I’d like to introduce our speaker today. I’m Neil Wu Becker and I’ll be moderating our discussion. You’ll also be hearing from Kurt Hagerman, FireHost’s Chief Information Security Officer, on the specific security and compliance pain points your healthcare organization might be dealing with and how the HealthData Repository can help.
Neil: Now let’s take a look at our agenda today. We’ll be talking about typical healthcare IT challenges for organizations that handle sensitive medical and patient data. Then we’ll talk about what The HealthData Repository is, how it works and who can use it to solve their compliance and security challenges. Then we’ll move on and explore each of the solutions the HealthData Repository offers. Finally, we’ll have some time at the end to take your questions live.
Security is critical as cyber threats become more sophisticated
Compliance is difficult and complex
Organizations need peak Performance and 24/7 data availability
Expert Service is required to manage security to meet the compliance requirements
Business Continuity & Disaster Readiness are vital for organizations handling sensitive data
Neil: Kurt, I’ll turn the discussion over to you as we talk about those common challenges in Healthcare IT.
Kurt: Thanks, Neil.
Whether you’re a hospital, insurance carrier or IT consultant, compliance and security are no doubt your top priorities. Getting HIPAA compliant can be especially challenging for organizations.
Security is probably the most major challenge of all. Cyberthreats keep getting more sophisticated and hackers keep getting more cunning and creative. Organizations must protect their patients’ data.
Performance is another challenge. Companies with variable traffic often overbuy just to make sure their peak loads are handled. And healthcare organizations have to have their data accessible at all times.
That brings us to Service. Organizations often have difficulty juggling all of the business demands on IT and have to segment resources to handle compliance and security.
Finally, part of protecting your environment is making sure you have a strong Disaster Prevention plan, with uptime and business continuity in the event of a crisis.
I’m sure many of these sound familiar. And that’s where the HealthData Repository comes in – a game-changing solution for keeping healthcare data safe in the cloud.
Neil: Kurt, who exactly can use the HealthData Repository? What kind of organization is going to benefit from this?
Kurt: If your healthcare application or database deals with regulated EHR and PHI data, HealthData Repository is for you.
Let’s talk about some real-world examples of what customers are experiencing out there and how this brings them faster audits, lower costs and reduced risk.
Hospitals, Dentists and Clinics – any organization providing patient care has significant HIPAA compliance and security needs. Think about the data involved here – test results, diagnostic codes, patient birthdates and billing information. Your average healthcare organization has to protect all of this data while maintaining uptime and performance – physicians need that data to make life or death decisions.
Cloud Application Vendors – when it comes to providing EHR solutions, costs, security requirements and compliance complexity can stall development. HealthData Repository can reduce risk and compliance scope with enterprise security and a HITRUST certified cloud. It offers agility and cost-effectiveness for next-gen technologies, all while offering the highest levels of security for HIPAA and other regulatory compliance.
Healthcare IT Consultants need to provide HIPAA compliance and security for their clients while facing pressure to reduce costs. HealthData Repository™ offers a secure, agile and affordable cloud that reduces risk and provides the security needed to comply with HIPAA and other regulatory requirements.
Clinical R&D Service Providers need security for large infrastructures and are also under pressure to reduce cost and accelerate delivery. HealthData Repository™ dramatically reduces provisioning time and hosting costs to support field clinical trials, while maintaining data sovereignty and reducing risk.
So you can see that really any organization that handles sensitive data can use The HealthData Repository to eliminate their compliance headaches and enjoy a smoother, safer cloud environment. There’s no need to hire additional staff to manage it or train on compliance regulations – we take care of that for you.
The HDR is a HITRUST certified cloud infrastructure that helps healthcare organizations deploy a secure and scalable data repository. The result = reduced scope for compliance and faster audits for overall lower cost, while increasing security.
Multi-layered security in the cloud.
Isolated environment decouples data
Restricts administrative access
Protects regulated patient and medical data
Strengthens organization’s reputation
Faster audits. Reduced risk. Stronger performance.
Reduced compliance scope for audits
Simplified compliance processes (time, effort, and cost)
Scalable, flexible options to meet variable demands
Helps organizations de-risk their environment
Neil:
Now let’s take a look at some specific pain points your organization may be struggling with – and how The HealthData Repository can solve them.
Security is always on everyone’s mind. Cyberthreats are always evolving and criminals know healthcare IT is a rich source of data. Kurt, can you give us more detail on how HealthData Repository provides multiple layers of security?
Kurt:
Sure. Healthcare clouds must be secure – there’s no way around it. Patient records, medical data, billing information – all of this is subject to regulation. But many organizations just don’t have the specialized tools and security experience needed for that level of advanced protection.
HealthData Repository provides multiple countermeasures like Web application firewalls, IP reputation management, DDoS mitigation and isolated SAN – and then it goes a step farther by providing a safe “vault” for your regulated data.
Because that data is decoupled from the regular IT environment, it’s removed from typical active directory permissions and common or expected data center locations – it stays protected even in the event of attack.
Even administrative access to that data is restricted, with controls that allow a special, segregated set of access permissions. Patients are fully protected, while providers enjoy uptime and immediate access to critical data.
The HealthData Repository is such a convenient tool for businesses that can’t manage this kind of protection in-house. You don’t need to hire additional staff and keep training them to understand the latest security techniques. We offer all of it and manage it for you.
Neil:
What about compliance? Obviously the price of a breach can be catastrophic – from brand damage to lost data and heavy fines, and of course, the loss of patient trust. But we’ve also talked about how HIPAA isn’t that prescriptive, and trying to keep up with the latest recommendations and implement the right security controls can leave organizations confused.
Kurt:
Neil, you’re correct – compliance is a major challenge for many healthcare IT organizations. That’s why Gartner recommends The HealthData Repository <I know they recommended Payment Island – can we say this about HDR?> – it makes compliance simple by reducing your risk, preventing fines and protecting your brand reputation. Because data is decoupled from your IT environments, your entire compliance scope is reduced. You stay auditor-ready, your staff’s burden is lightened, and audits go faster and at a lower cost.
I also want to say that the HealthData Repository is backed up by specialized compliance tools and 24/7 support by certified experts. Because FireHost understands the latest compliance requirements like the back of our hand, our customers can have the peace of mind of knowing they’re meeting all the necessary regulations.
Neil: So let’s talk about performance. I know this is very important in healthcare IT – physicians and other providers need access to medical data to make critical decisions.
Kurt:
That’s right, Neil. Organizations also experience variable traffic, so performance is a big challenge. To prepare for the high traffic times, these organizations often buy enough infrastructure for their highest peak load – and as a result, they overpay and overbuy.
The HealthData Repository eliminates latency and scales to provide resources on demand - you pay only for what you need instead of wasting money on what you don’t. You get consistently high speed and performance. Since the cloud infrastructure is virtualized, your application and database will be protected from volatility with multiple intelligent scalability options. Everyone gets access to the data they need, when they need it.
Autoscale - lets IT administrators pre-set parameters to add memory and processor resources to secure servers whenever they’re needed - without any human intervention. This is a fantastic solution for businesses that experience unexpected spikes or surges outside of normal business hours.
FluidScale - provides all the benefits of Autoscale – but enabling FluidScale takes it a step further so you no longer need a reboot to add those memory and processor units. This gives end users an even smoother experience, since it eliminates error messages and slow response times.
Neil: A common problem we hear from healthcare IT organizations is that they just don’t have the right staff or technology to manage all of this. They juggle so many business demands on IT and end up segmenting resources to handle compliance and security.
Kurt:
Neil, you’re correct. The HealthData Repository is designed as a one-stop solution that takes care of all security and compliance needs. This is a fully managed service and support you’re getting – which means your organization can reduce specialized compliance/security efforts and focus on your core business functions, ultimately delivering better patient outcomes.
FireHost monitors both macro trends in attack vectors as well as regulatory changes. Our consultations and dashboards provide the real time information needed to keep you compliant and protected at every moment.
We do the work – and you enjoy multi-layered security, simplified processes and reduced compliance scope.
Neil:
Outages are always a problem when they happen - and we know from experience that they’ve happened to major brands like Twitter, Dropbox and Google. Not only are they expensive, but they can have a life or death impact in a healthcare environment. Whether it’s a natural disaster, outage or a breach, healthcare organizations must keep critical systems up and running.
Kurt:
That’s right. Every second counts when it comes to accessing medical data in the cloud. Organizations need consistent performance and reliable security. Because the HealthData Repository is highly redundant, it keeps systems up and running. Redundancy is maximized with geographic uptime – and organizations can maintain business continuity even in the event of a disaster.
Neil:
Now that we’ve taken a look at the insecurity complex rampant in the industry, let’s hear your questions. If you have any security challenges that you’re facing with your provider, let us know and we’ll talk about the right actions to take. Just use the chat feature to submit your questions.