Posted by: Azaltsman
data leakage prevention, DLP, encryption, hitech act
Electronic protected health information (PHI) lives on your network in many places: file shares, e-mail systems, databases, proprietary EHR, and practice management applications to name a few. It’s important to understand where this data is stored on your network so that you can properly secure it. Although encryption should be considered its important to have peace of mind in knowing that data containing unencrypted PHI does not leave your internal network or outside of a secure wide area network.
New technologies from data leakage prevention (DLP) vendors have made easy as ever to monitor your network for PHI. DLP solutions can alert you when PHI is leaving your network and some can even block and prevent it from leaving your network. For example, a user connecting to her Gmail account in an attempt to send an unsecured (and perhaps unauthorized) email with an attachment containing PHI is one of the major fears of any IT security executive. Another example: a user can also connect to one of many file transfer portals like drop.io, dropbox.com, and even mainstream ftp servers, to move documents containing PHI off your network.
DLP products are sometimes used with web proxys to detect and even block electronic PHI from leaving your network. Investigating this technology for our network could be time well spent and save you from a potential compliance headache.