Reviewing future health security projects: DLP, PCI compliance

Oct 24

Author Name Patrick Ouellette

Ross Dworman, Information Security Manager at Northwestern Memorial Hospital, recently spoke with HealthITSecurity.com about how plans for a virtual desktop environment would affect Northwestern’s mobile plans, but the organization has other ongoing projects that affect security as well.

Some of Dworman’s initiatives have already begun and will continue into 2014. One such project is deploying data loss prevention (DLP) efficiently across the organization. Dworman and Northwestern Memorial are in the process of rolling out infrastructure and process that helps them monitor and then safeguard the data flow through various channels and portals of technology. Instead of being all at once, it will be a gradual process. “We’ve done a lot [of DLP] with our email over the last year,” he said. “And we’re doing a lot with Internet access and at the individual desktop level and laptop level so we can safeguard and monitor data moving in and out of USB ports.”

Beyond HIPAA

Though Northwestern Memorial is up-to-date with HIPAA regulations, some of its compliance focus will be in areas beyond solely HIPAA in the near future. Specifically, Dworman said in the coming year there will be a greater concentration on efficient PCI compliance. While the organization does a lot of work around protected health information (PHI), including HIPAA, it’s also seeing a significant uptick in the need to process credit cards and plans on adjusting accordingly. “We just finished a PCI compliance study and in the coming year (Northwest Memorial’s fiscal year started on September 1), one of the major projects is remediating the aspects of our PCI compliance that need to be brought up to date,” Dworman said.

Read Complete Article

The FISMA Focus IPD

Reviewing future health security projects: DLP, PCI compliance

Leave a Reply Cancel reply

Discussion Forums

Important Sites

News Links

Archives