Securing access to sensitive health data

Securing access to sensitive health data

Securing access to sensitive health data

 

Coordinating the implementation of an authentication proxy solution to secure access to sensitive health data

 

At a Glance:

A wellness product manufacturer needed help planning and coordinating efforts among multiple internal organizations to implement an authentication proxy solution. The proxy would enable them to secure access to sensitive health data, which was required for their HITRUST CSF certification.

 

The not-for-profit organization Health Information Trust Alliance (HITRUST) helps organizations protect sensitive healthcare information and manage risk within their supply chains. The organization’s Common Security Framework (CSF) is a certifiable framework that encompasses HIPAA, PCI, ISO, NIST, and other regulations, including some that are unique to HITRUST.

 

An authentication proxy is a critical component of the Google “BeyondCorp” model that allows employees to securely access network resources from any location without a virtual private network (VPN). When an organization deploys an authentication proxy using computers with encrypted drives and secure network protocols (HTTPS and SSH), they can comply with HITRUST since they control access to personal data that is stored securely on remote machines.

 

Customer Challenge

Several business partners required our client to become HITRUST certified, and they had a six-month window to prepare for their audit. Failure to implement an authentication proxy solution in a timely manner would have delayed their HITRUST certification.

 

If the organization failed to meet the HITRUST CSF requirements, they risked losing revenue or missing out on future revenue-generating opportunities with their partners. It was also important that the project be proactively driven to successfully coordinate the efforts of Security, Legal, Purchasing, IT, and Infrastructure Engineering.

 

Why They Chose Us

We had previously completed a successful project for the client in which we developed and implemented data integration components for a new ERP system to accommodate the company’s recent growth. Our client was also aware of our deep experience helping organizations prepare for HIPAA, GDPR, and other regulations, which was a key factor in the decision to choose us for the HITRUST IT project.

 

Value and Benefits - “The Wins”

We worked closely with our client’s internal organizations to successfully implement the authentication proxy in time for their HITRUST audit. We ran a successful pilot with the employees accessing personal health information within the scope of HITRUST. Our client will eventually expand the authentication proxy to all employees, thus eliminating network delays due to the VPN while also reducing the overall need for a VPN and the associated costs.