IT Service Desk Supervisor
First Choice Health
First Choice Health is a managed care services provider that distributes their array of healthcare products and services to over one million people in the United States. An innovative alternative to traditional healthcare, the First Choice network helps to reduce costs whilst maintaining quality and convenience.
As part of the healthcare industry, First Choice Health faces the unique challenge of complying with the Health Insurance Portability and Accountability Act of 1996 ("HIPAA") and balancing the need for quick access & simple movement of information. Alerted by the frequency of ransomware attacks on healthcare providers and hospitals over the past few years, the company decided that security measures must be strengthened and that a new data loss prevention software would be needed to accomplish this. In evaluating possible solutions, a key criterion was to find a technology that would comply with the HIPAA regulations. According to this requirement, companies that deal with protected health information (PHI) must have the physical, network, and security measures in place in order to deliver sensitive patient data protection.
In essence, First Choice needed something that would recognize and protect patient data in all forms (structured/unstructured, emails, scans, etc), while providing a platform for data to be shared securely amongst the relevant individuals. By taking on the responsibility of looking after sensitive information, the company has a duty to its clients to ensure that this is kept in safe-hands.
After examining countless potential solutions, First Choice decided to try-out CurrentWare’s AccessPatrol on a 14-day trial license.
Once the deployment of the technology was completed, the first step for First Choice’s IT team was to completely block access to all endpoints before “whitelisting” certain authorized devices, such as USBs and external hard drives using the AccessPatrol allowed list. With regard to the next steps, the flexibility of the software mitigated any complications that may have been caused by more intricate requirements. For instance, it was simple to grant “read-only” access to photographers from the HR team who needed to plug their cameras into the computers. Similarly, infrastructure computers could be granted individual permissions with the click-of-a-button.
“With AccessPatrol, we’re certain we’re meeting today’s cybersecurity standards whilst maintaining immediate, reliant access to patient records so we can keep delivering a high-quality service to our clients.”
Another important objective for First Choice was to gain an insight into how employees at the company had been handling sensitive data. As such, daily email reports were set-up to indicate where and when each file has been modified. Regularly reviewing these reports were pivotal to minimizing threat propagation in case of an incident.
As healthcare-related hacking incidents continue to rise, and with many workers remaining oblivious to the risk of sending unprotected files across the network, the confidence that sensitive patient data is safe and secure has brought great peace of mind to the First Choice Health Network.
Indeed, the sentiment of being able to set the software and forget it is a great testament to the unobtrusive nature of how AccessPatrol operates. As testified by various First Choice employees, the software works in the background without slowing down the pace of their busy healthcare environment. Important information can be accessed just as quickly and easily as ever.
“The user-friendly interface meant we were able to get the software up-and-running extremely quickly. It worked perfectly and provided all of the functionality we were looking while also helping us comply with HIPAA.”