CUSTOMER CASE STUDY


HIPAA Compliance
Overview

Apani supplied a scalable HIPAA compliant solution by establishing secure network communications across multiple operating system platforms.

Industry: Healthcare

“EpiForce has provided us the flexibility and scalability to effectively support our HIPAA compliance, and ensure confidential patient data remains secure.”
Chief Information Security Officer

Customer Profile

Based in Sacramento, California. Provides cost-effective information technology services to state departments, counties and cities. For security reasons, anonymity was requested for this case study.

A technology service provider located in Sacramento, California is the IT service provider that California government depends on for cost-effective computing, network solutions, electronic messaging, training and project management. They provide these services to state departments, counties and cities throughout California.

The technology service provider located in Sacramento, California plays an important technology leadership role. Their mandate, for this project, was to implement a viable network solution for each department that promoted and complied with federally mandated HIPAA regulations.

HIPAA Background

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) is a far encompassing act of legislation originally passed to provide health insurance coverage for workers and their families when they changed jobs. The act has been expanded upon to provide the right to confidentiality of sensitive healthcare information.

As part of the act, organizations must protect communications containing health information when transmitted electronically across open networks. These communications must not be easily intercepted or interpreted by parties other than the intended recipient. Information systems must be protected from intruders trying to access systems through external communication points.




                                         © 2010 Apani, All rights reserved. All marks are the property of their respective owners.


Challenge

The challenge was to maintain HIPAA compliance for a proprietary patient records application by establishing secure network communications between multiple operating system platforms throughout the state.

The technology service provider delivered services through a powerful network of mainframes and client server based systems, distributed through a secure statewide network, comprised of systems from multiple leading security vendors.

As such, scalability, flexibility and ease of management were key criteria to support the multiple operating systems and equipment deployments in place throughout the state.

The technology service provider had deployed small pockets of Microsoft IPSec within their Windows environment; however, this had only limited effectiveness as it would not support any ‘non-Windows’ devices.

In addition, implementing IPSec between large numbers of internal systems was simply not practical. The fundamental problem with IPSec has always been manageability. While it is relatively simple to set up a single point-to-point encryption tunnel, the challenge grows exponentially when scaling up to just 25 servers, let alone 100, especially when considering varying expiration dates for certificate authorities.

Another consideration was to deploy all new web-based applications capable of SSL encryption throughout the network. In reality, this option was not feasible, as the cost and use of resources to implement would have been quite tenuous.

Challenge Summary

To comply with HIPAA regulations by establishing and maintaining secure communications within a proprietary healthcare records management system, which must scale to support thousands of unique end users. Initial Microsoft IPSec deployment had limited effectiveness and no scalability due to significant management issues and multi-vendor incompatibilities.

EpiForce vs Microsoft IPSec

Cost/Benefit                                                     EpiForce   MS IPSec
Supports multiple platforms                                      Yes        No
Ease of Management                                               High       Low
Appliance-based optional deployment                              Yes        No
Flexibility to support varying security policies by user-group?  Yes        No
Central management of security policies                          Yes        No
Automatic deployment of policy updates                           Yes        No

Stakeholders

The technology service provider had two stakeholders whose needs must be met when deploying new IT initiatives: (1) the internal agencies within the state of California, and (2) the end users relying on these systems to provide public amenities as part of California residency. They work with external systems integration firms to perform these functions; their relationship with CompuCom played an important role in ensuring each of these impacted needs was well addressed.

Internal Requirements

State agencies required a cost effective solution with minimal current year budget impact, while at the same time minimizing technological obsolescence. New IT systems had to be compatible with existing communications and the security infrastructure such that systems may be gradually improved upon over time in a well planned manner.

External Requirements

Thousands of end users access healthcare information databases within the state of California, each expecting the utmost of data security. The number of end users was expected to grow substantially over the next few years to tens of thousands. The impact of this project would be far reaching, affecting all health care providers, doctors and pharmacies sharing data with the state’s health information data depository. Ease of use and scalability challenges had to be addressed to facilitate this ambitious roll out.

“Establishing security zones with different levels of administrative authority eased deployment and management challenges”
Senior Director, IT Security

SOLUTION

Initially, a Microsoft IPSec solution was evaluated. However, it lacked scalability and could not handle multiple operating system platforms.

EpiForce was selected based on its flexibility, scalability and ability to establish a strong foundation to deploy secure communications within heterogeneous environments.

The decision to select EpiForce reflects a comfort level that data-in-motion will be secure and that sensitive healthcare information will be protected while in the custody of the State of California.

The solution had to be scalable to support the growing number of projected users, estimated to be in the tens of thousands over the next several years.

Before selecting EpiForce, the technology service provider performed considerable stress testing within a controlled laboratory environment for over twelve months as part of an evaluation program. The recommended implementation included a combination of software and hardware based agents to secure communications.

  • Software agents to support multi-vendor server platforms
  • Appliance agents to communicate in the mainframe environment

EpiForce ensures secure network-wide communications between each vendor platform and operating system where the proprietary patient records management application is deployed.

Users seeking prescription or medication history, MediCal / Medicare affiliations or other healthcare related information can access the system through SSL secured web-browsers; EpiForce secures back end communications while the sensitive data is in transit.

Not only does EpiForce secure data flows throughout this heterogeneous environment, but it automatically enforces security relationships defined through a centralized management infrastructure. As new security policies are identified, additional users or servers are added or new associations are established with medical organizations, it is relatively straightforward to adjust the policies to implement the updates in real-time.

Solution Summary

EpiForce was implemented to secure internal data flows traveling between multiple platforms. This cost effective approach secured inside the network perimeter using industry proven IPSec encryption technology. With the flexibility to support multiple operating systems and equipment infrastructures, EpiForce enabled the customer to support each of its varied governmental constituencies.

Benefits

  • Centralized management
  • Cross-platform support in a heterogeneous environment
  • No application rewrites or end user training required
  • Highly scalable architecture satisfies existing and future end user requirements
  • Audit trail simplifies HIPAA compliance
  • Complements existing network infrastructure
  • Selectively encrypts data in motion




EpiForce selectively encrypts data-in-motion and provides machine level access control that is two way: both the sender and recipient must authenticate and approve each other’s data transmittals and receipts. This process provides further protection by restricting unauthorized access.

ABOUT APANI

Apani® is the provider of cross-platform server isolation solutions for large enterprises. Apani’s solution isolates and secures the communication between servers and endpoints without regard to operating system or physical location.

Apani EpiForce®, the company’s flagship product, is a software-based alternative to using firewalls and VLANs inside the corporate network. EpiForce enables two powerful disciplines – logical security zoning and policy-based encryption of data in motion. EpiForce is a distributed, centrally-managed solution that is transparent to users, applications and infrastructure – making it quicker to deploy and less costly to manage than hardware-centric solutions. Policy enforced by EpiForce is persistent, which enables protected resources to be relocated without compromising security.

Providing an evolutionary improvement in efficiency, flexibility, manageability and total cost of ownership, Apani technology is used by much of the Fortune 500.

Based in Southern California, Apani was founded in 2003 and is privately held. More information about the company may be found at www.apani.com.

This case study is for information purposes only. Apani makes no warranties, express or implied, in this summary. Customer security mandates the omission of the integrator and the government offices from this case study.

For More Information

To learn more about EpiForce and Apani,
United States    +1.714.674.1600
United Kingdom   +44 (0)118 9298060
www.apani.com.




002cs0610v5




uae taxgpt
 
anas about venice for grade 6f about venice
anas about venice for grade 6f about veniceanas about venice for grade 6f about venice
anas about venice for grade 6f about venice
anasabutalha2013
 
Discover the innovative and creative projects that highlight my journey throu...
Discover the innovative and creative projects that highlight my journey throu...Discover the innovative and creative projects that highlight my journey throu...
Discover the innovative and creative projects that highlight my journey throu...
dylandmeas
 
Putting the SPARK into Virtual Training.pptx
Putting the SPARK into Virtual Training.pptxPutting the SPARK into Virtual Training.pptx
Putting the SPARK into Virtual Training.pptx
Cynthia Clay
 
Skye Residences | Extended Stay Residences Near Toronto Airport
Skye Residences | Extended Stay Residences Near Toronto AirportSkye Residences | Extended Stay Residences Near Toronto Airport
Skye Residences | Extended Stay Residences Near Toronto Airport
marketingjdass
 
LA HUG - Video Testimonials with Chynna Morgan - June 2024
LA HUG - Video Testimonials with Chynna Morgan - June 2024LA HUG - Video Testimonials with Chynna Morgan - June 2024
LA HUG - Video Testimonials with Chynna Morgan - June 2024
Lital Barkan
 
5 Things You Need To Know Before Hiring a Videographer
5 Things You Need To Know Before Hiring a Videographer5 Things You Need To Know Before Hiring a Videographer
5 Things You Need To Know Before Hiring a Videographer
ofm712785
 
Attending a job Interview for B1 and B2 Englsih learners
Attending a job Interview for B1 and B2 Englsih learnersAttending a job Interview for B1 and B2 Englsih learners
Attending a job Interview for B1 and B2 Englsih learners
Erika906060
 
Memorandum Of Association Constitution of Company.ppt
Memorandum Of Association Constitution of Company.pptMemorandum Of Association Constitution of Company.ppt
Memorandum Of Association Constitution of Company.ppt
seri bangash
 
3.0 Project 2_ Developing My Brand Identity Kit.pptx
3.0 Project 2_ Developing My Brand Identity Kit.pptx3.0 Project 2_ Developing My Brand Identity Kit.pptx
3.0 Project 2_ Developing My Brand Identity Kit.pptx
tanyjahb
 
ikea_woodgreen_petscharity_dog-alogue_digital.pdf
ikea_woodgreen_petscharity_dog-alogue_digital.pdfikea_woodgreen_petscharity_dog-alogue_digital.pdf
ikea_woodgreen_petscharity_dog-alogue_digital.pdf
agatadrynko
 
Premium MEAN Stack Development Solutions for Modern Businesses
Premium MEAN Stack Development Solutions for Modern BusinessesPremium MEAN Stack Development Solutions for Modern Businesses
Premium MEAN Stack Development Solutions for Modern Businesses
SynapseIndia
 
Sustainability: Balancing the Environment, Equity & Economy
Sustainability: Balancing the Environment, Equity & EconomySustainability: Balancing the Environment, Equity & Economy
Sustainability: Balancing the Environment, Equity & Economy
Operational Excellence Consulting
 
The-McKinsey-7S-Framework. strategic management
The-McKinsey-7S-Framework. strategic managementThe-McKinsey-7S-Framework. strategic management
The-McKinsey-7S-Framework. strategic management
Bojamma2
 

Recently uploaded (20)

Digital Transformation and IT Strategy Toolkit and Templates
Digital Transformation and IT Strategy Toolkit and TemplatesDigital Transformation and IT Strategy Toolkit and Templates
Digital Transformation and IT Strategy Toolkit and Templates
 
FINAL PRESENTATION.pptx12143241324134134
FINAL PRESENTATION.pptx12143241324134134FINAL PRESENTATION.pptx12143241324134134
FINAL PRESENTATION.pptx12143241324134134
 
The Parable of the Pipeline a book every new businessman or business student ...
The Parable of the Pipeline a book every new businessman or business student ...The Parable of the Pipeline a book every new businessman or business student ...
The Parable of the Pipeline a book every new businessman or business student ...
 
Improving profitability for small business
Improving profitability for small businessImproving profitability for small business
Improving profitability for small business
 
Tata Group Dials Taiwan for Its Chipmaking Ambition in Gujarat’s Dholera
Tata Group Dials Taiwan for Its Chipmaking Ambition in Gujarat’s DholeraTata Group Dials Taiwan for Its Chipmaking Ambition in Gujarat’s Dholera
Tata Group Dials Taiwan for Its Chipmaking Ambition in Gujarat’s Dholera
 
What are the main advantages of using HR recruiter services.pdf
What are the main advantages of using HR recruiter services.pdfWhat are the main advantages of using HR recruiter services.pdf
What are the main advantages of using HR recruiter services.pdf
 
VAT Registration Outlined In UAE: Benefits and Requirements
VAT Registration Outlined In UAE: Benefits and RequirementsVAT Registration Outlined In UAE: Benefits and Requirements
VAT Registration Outlined In UAE: Benefits and Requirements
 
anas about venice for grade 6f about venice
anas about venice for grade 6f about veniceanas about venice for grade 6f about venice
anas about venice for grade 6f about venice
 
Discover the innovative and creative projects that highlight my journey throu...
Discover the innovative and creative projects that highlight my journey throu...Discover the innovative and creative projects that highlight my journey throu...
Discover the innovative and creative projects that highlight my journey throu...
 
Putting the SPARK into Virtual Training.pptx
Putting the SPARK into Virtual Training.pptxPutting the SPARK into Virtual Training.pptx
Putting the SPARK into Virtual Training.pptx
 
Skye Residences | Extended Stay Residences Near Toronto Airport
Skye Residences | Extended Stay Residences Near Toronto AirportSkye Residences | Extended Stay Residences Near Toronto Airport
Skye Residences | Extended Stay Residences Near Toronto Airport
 
LA HUG - Video Testimonials with Chynna Morgan - June 2024
LA HUG - Video Testimonials with Chynna Morgan - June 2024LA HUG - Video Testimonials with Chynna Morgan - June 2024
LA HUG - Video Testimonials with Chynna Morgan - June 2024
 
5 Things You Need To Know Before Hiring a Videographer
5 Things You Need To Know Before Hiring a Videographer5 Things You Need To Know Before Hiring a Videographer
5 Things You Need To Know Before Hiring a Videographer
 
Attending a job Interview for B1 and B2 Englsih learners
Attending a job Interview for B1 and B2 Englsih learnersAttending a job Interview for B1 and B2 Englsih learners
Attending a job Interview for B1 and B2 Englsih learners
 
Memorandum Of Association Constitution of Company.ppt
Memorandum Of Association Constitution of Company.pptMemorandum Of Association Constitution of Company.ppt
Memorandum Of Association Constitution of Company.ppt
 
3.0 Project 2_ Developing My Brand Identity Kit.pptx
3.0 Project 2_ Developing My Brand Identity Kit.pptx3.0 Project 2_ Developing My Brand Identity Kit.pptx
3.0 Project 2_ Developing My Brand Identity Kit.pptx
 
ikea_woodgreen_petscharity_dog-alogue_digital.pdf
ikea_woodgreen_petscharity_dog-alogue_digital.pdfikea_woodgreen_petscharity_dog-alogue_digital.pdf
ikea_woodgreen_petscharity_dog-alogue_digital.pdf
 
Premium MEAN Stack Development Solutions for Modern Businesses
Premium MEAN Stack Development Solutions for Modern BusinessesPremium MEAN Stack Development Solutions for Modern Businesses
Premium MEAN Stack Development Solutions for Modern Businesses
 
Sustainability: Balancing the Environment, Equity & Economy
Sustainability: Balancing the Environment, Equity & EconomySustainability: Balancing the Environment, Equity & Economy
Sustainability: Balancing the Environment, Equity & Economy
 
The-McKinsey-7S-Framework. strategic management
The-McKinsey-7S-Framework. strategic managementThe-McKinsey-7S-Framework. strategic management
The-McKinsey-7S-Framework. strategic management
 

Healthcare HIPAA Compliance

  • 1. CUSTOMER CASE STUDY: HIPAA Compliance

    Overview
    Apani supplied a scalable HIPAA compliant solution by establishing secure network communications across multiple operating system platforms.

    Industry: Healthcare

    “EpiForce has provided us the flexibility and scalability to effectively support our HIPAA compliance, and ensure confidential patient data remains secure.”
    Chief Information Security Officer

    Customer Profile
    Based in Sacramento, California. Provides cost-effective information technology services to state departments, counties and cities. For security reasons, anonymity was requested for this case study.

    A technology service provider located in Sacramento, California is the IT service provider California government depends on for cost-effective computing, network solutions, electronic messaging, training and project management. They provide these services to state departments, counties and cities throughout California.

    The technology service provider located in Sacramento, California plays an important technology leadership role. Their mandate, for this project, was to implement viable network solutions for each department that promoted and complied with federally mandated HIPAA regulations.

    HIPAA Background
    The Health Insurance Portability and Accountability Act of 1996 (HIPAA) is a far encompassing act of legislation originally passed to provide health insurance coverage for workers and their families when they changed jobs. The act has been expanded upon to provide the right to confidentiality of sensitive healthcare information. As part of the act, organizations must protect communications containing health information when transmitted electronically across open networks. These communications must not be easily intercepted or interpreted by parties other than the intended recipient. Information systems must be protected from intruders trying to access systems through external communication points.

    © 2010 Apani, All rights reserved. All marks are the property of their respective owners.
  • 2. CUSTOMER CASE STUDY: HIPAA Compliance

    Challenge
    The challenge was to maintain HIPAA compliance for a proprietary patient records application by establishing secure network communications between multiple operating system platforms throughout the state.

    Challenge Summary
    To comply with HIPAA regulations by establishing and maintaining secure communications within a proprietary healthcare records management system, which must scale to support thousands of unique end users. Initial Microsoft IPSec deployment had limited effectiveness and no scalability due to significant management issues and multi-vendor incompatibilities.

    The technology service provider delivered services through a powerful network of mainframes and client server based systems, distributed through a secure statewide network, comprised of systems from multiple leading security vendors. As such, scalability, flexibility and ease of management were key criteria to support the multiple operating systems and equipment deployments in place throughout the state.

    EpiForce vs Microsoft IPSec

    Cost/Benefit                                                      EpiForce   MS IPSec
    Supports multiple platforms                                       Yes        No
    Ease of Management                                                High       Low
    Appliance-based optional deployment                               Yes        No
    Flexibility to support varying security policies by user-group?   Yes        No
    Central management of security policies                           Yes        No
    Automatic deployment of policy updates                            Yes        No

    The technology service provider had deployed small pockets of Microsoft IPSec within their Windows environment; however, this had only limited effectiveness as it would not support any ‘non-Windows’ devices.

    In addition, implementing IPSec between large numbers of internal systems was simply not practical. The fundamental problem with IPSec has always been manageability. While it is relatively simple to set up a single point-to-point encryption tunnel, the challenge grows exponentially when scaling up to just 25 servers, let alone 100, especially when considering varying expiration dates for certificate authorities.

    Another consideration was to deploy all new web-based applications capable of SSL encryption throughout the network. In reality, this option was not feasible, as the cost and use of resources to implement would have been quite tenuous.

    Stakeholders
    The technology service provider had two stakeholders whose needs must be met when deploying new IT initiatives: (1) the internal agencies within the state of California, and (2) the end users relying on these systems to provide public amenities as part of California residency. They work with external systems integration firms to perform these functions; their relationship with
  • 3. CUSTOMER CASE STUDY: HIPAA Compliance

    CompuCom played an important role in ensuring each of these impacted needs was well addressed.

    Internal Requirements
    State agencies required a cost effective solution with minimal current year budget impact, while at the same time minimizing technological obsolescence. New IT systems had to be compatible with existing communications and the security infrastructure such that systems may be gradually improved upon over time in a well planned manner.

    External Requirements
    Thousands of end users access healthcare information databases within the state of California, each expecting the utmost of data security. The number of end users was expected to grow substantially over the next few years to tens of thousands. The impact of this project would be far reaching, affecting all health care providers, doctors and pharmacies sharing data with the state’s health information data depository. Ease of use and scalability challenges had to be addressed to facilitate this ambitious roll out.

    “Establishing security zones with different levels of administrative authority eased deployment and management challenges”
    Senior Director, IT Security

    SOLUTION
    Initially, a Microsoft IPSec solution was evaluated. However, it lacked scalability and could not handle multiple operating system platforms.

    EpiForce was selected based on its flexibility, scalability and ability to establish a strong foundation to deploy secure communications within heterogeneous environments. The decision to select EpiForce reflects a comfort level that data-in-motion will be secure and that sensitive healthcare information will be protected while in the custody of the State of California. The solution had to be scalable to support the growing number of projected users, estimated to be in the tens of thousands over the next several years.

    Before selecting EpiForce, the technology service provider performed considerable stress testing within a controlled laboratory environment for over twelve months as part of an evaluation program. The recommended implementation included a
  • 4. CUSTOMER CASE STUDY: HIPAA Compliance

    combination of software and hardware based agents to secure communications.

      • Software agents to support multi-vendor server platforms
      • Appliance agents to communicate in the mainframe environment

    EpiForce ensures secure network-wide communications between each vendor platform and operating system where the proprietary patient records management application is deployed.

    Users seeking prescription or medication history, MediCal / Medicare affiliations or other healthcare related information can access the system through SSL secured web-browsers; EpiForce secures back end communications while the sensitive data is in transit.

    Not only does EpiForce secure data flows throughout this heterogeneous environment, but it automatically enforces security relationships defined through a centralized management infrastructure. As new security policies are identified, additional users or servers are added or new associations are established with medical organizations, it is relatively straightforward to adjust the policies to implement the updates in real-time.

    Solution Summary
    EpiForce was implemented to secure internal data flows traveling between multiple platforms. This cost effective approach secured inside the network perimeter using industry proven IPSec encryption technology. With the flexibility to support multiple operating systems and equipment infrastructures, EpiForce enabled the customer to support each of its varied governmental constituencies.

    Benefits
      • Centralized management
      • Cross-platform support in a heterogeneous environment
      • No application rewrites or end user training required
      • Highly scalable architecture satisfies existing and future end user requirements
      • Audit trail simplifies HIPAA compliance
      • Complements existing network infrastructure
      • Selectively encrypts data in motion
  • 5. CUSTOMER CASE STUDY: HIPAA Compliance

    EpiForce selectively encrypts data-in-motion and provides machine level access control that is two way: both the sender and recipient must authenticate and approve each other’s data transmittals and receipts. This process provides further protection by restricting unauthorized access.

    ABOUT APANI
    Apani® is the provider of cross-platform server isolation solutions for large enterprises. Apani’s solution isolates and secures the communication between servers and endpoints without regard to operating system or physical location. Apani EpiForce®, the company’s flagship product, is a software-based alternative to using firewalls and VLANs inside the corporate network. EpiForce enables two powerful disciplines – logical security zoning and policy-based encryption of data in motion. EpiForce is a distributed, centrally-managed solution that is transparent to users, applications and infrastructure – making it quicker to deploy and less costly to manage than hardware-centric solutions. Policy enforced by EpiForce is persistent, which enables protected resources to be relocated without compromising security. Providing an evolutionary improvement in efficiency, flexibility, manageability and total cost of ownership, Apani technology is used by much of the Fortune 500. Based in Southern California, Apani was founded in 2003 and is privately held. More information about the company may be found at www.apani.com.

    This case study is for information purposes only. Apani makes no warranties, express or implied, in this summary. Customer security mandates the omission of the integrator and the government offices from this case study.

    For More Information
    To learn more about EpiForce and Apani:
    United States +1.714.674.1600
    United Kingdom +44 (0)118 9298060
    www.apani.com

    002cs0610v5