
Healthcare providers will soon be required to provide communication and collaboration platforms that allow seamless integration among the various stakeholders. These changes in information flows, along with an explosion of digital content that needs to be stored and shared, are driving the need for a secure, flexible and scalable IT platform through which providers, payers and health scientists can support collaboration and information exchange.
The transition towards more patient-centric care and decentralised monitoring means providers, patients and payers need to access information that originates outside the hospital setting. The trends toward personalised medicine, prevention and wellness mean stakeholders need to connect information from various points within the healthcare value chain — from providers, laboratories, payers and patients. The more this private information is opened to outside entities, the greater the chance that these systems can be compromised, either intentionally or accidentally.
How do these security challenges arise in a healthcare industry’s network?
The major challenges to a healthcare provider’s network arise from the different business functions that are increasingly taking place in their network.
Allowing Patient and Provider Access to the Network

As contradictory as it sounds, healthcare providers are now looking for ways to increase access for doctors, vendors, and patients through applications and the Internet. With new guarantees for patients regarding access to information and a focus on lowering costs through new initiatives like telemedicine, the entire healthcare centre is driving towards a more collaborative environment – where all parties have access to the information they need.
The most obvious security concern with this approach is ensuring that sensitive information like Protected Health Information (PHI) and payment information is kept separate and secured from general Internet and network traffic. This requires encryption and wireless management technology coupled with traffic shaping technology – to ensure that the appropriate treatment information is accessible and always has top priority.
Increased Use of Clinical Informatics to Improve Workflow
Along with the increased collection and flow of data, healthcare organisations are constantly striving to improve workflow – both physical and informational. Improved workflows lead to lower costs, happy and productive caregivers and an environment that allows improved patient safety and quality of care. The key challenge from a security perspective is ensuring that only the required pieces of data are transferred and nothing more.
Increasingly Stringent Compliance Mandates
As a result of the increasingly sensitive data handled by the healthcare industry, regulatory requirements have been implemented to help increase the security of healthcare providers and associates — as well as the data they protect. HIPAA and HITECH set up standards around protecting PHI.
Healthcare organisations also find themselves responsible for complying with the Payment Card Industry Data Security Standard (PCI DSS). PCI DSS provides broad requirements for securing personal non-public information used on digital technology in retail systems.
How to Build a Secure Architecture?
All the challenges mentioned above require disparate functionality. Healthcare service providers need to evaluate their security needs at each of the following levels:
Management Level
Given the widely distributed nature of modern healthcare establishments, the ability to quickly modify and manage security appliances is essential.
Aggregation Level
The aggregation level is the destination for all data. Typically, this is the hospital datacentre. Core security functions – such as firewalling, application control and VPN termination – take place at this level.
Business Associate Level
The individual clinic, lab, doctor’s office, or any business associate requires security and connectivity for a wide variety of functions – including WiFi, voice and traditional network connectivity. With the addition of consumer connectivity, each associate must also be able to provide security functions – such as antimalware and application control.
Access Level
As healthcare organisations extend access to providers using tablets and to patients using mobile devices, ensuring secure access is critical.
The entire healthcare industry is undergoing a dramatic shift, which is designed to enhance the level of care provided to the patients. The sensitivity of patient information has created the need for end-to-end security solutions throughout the entire healthcare network – from doctors’ offices all the way to the hospital datacentre.
By Rajesh Maurya, Country Manager India & SAARC, Fortinet.