First Choice Health Protects Patient Data & Meets HIPAA Compliance

As an American healthcare services provider First Choice Health has a duty of care to ensure that the sensitive electronic health records (EHR) of their customers are secured in compliance with the Health Insurance Portability and Accountability Act of 1996 (HIPAA).

To meet HIPAA compliance, covered entities need to address key vulnerabilities such as the security risks associated with portable storage devices including USB flash drives, mobile devices, and portable hard drives.

Unrestricted access to USB ports facilitates the unauthorized copying of data to removable media and the use of portable storage devices which could be infected with malicious software.

For the healthcare industry as a whole, insider threats pose a significant risk; Verizon’s 2018 Protected Health Information Data Breach Report (PHIDBR) found that 58% of data breaches in the healthcare industry involved insiders.

To protect against this prominent threat First Choice Health knew that they needed endpoint data loss prevention software with USB control features.

As a technical safeguard AccessPatrol provides several key protections against portable storage devices:

• Custom Permissions: Assign read-only, no access, and full access for USB devices based on user, device, or organizational unit.
• USB Control: Prevent employees from using unauthorized devices that can be used to transmit ransomware and illicitly exfiltrate data.
• File Transfer Visibility: Alert administrators to suspicious file activity and maintain an auditable log of files that have been copied, created, and deleted on USB devices.

In addition to meeting their USB security requirements, AccessPatrol provides First Choice Health with an easy-to-use interface where they can effortlessly adjust their removable media policies on an as-needed basis. This flexibility was essential for keeping data safe without interrupting the efficiency of patient care.