APRIL 26, 2011 / Issue 16
Featured Article
Compliance and security beyond HIPAA and HITECH: Not what it ‘SIEMs’

By Brian Singer, Novell
When attempting to streamline your security and event data, an integrated approach that includes identity management is necessary in order to maintain compliance and proactively prevent breaches from occurring.

The Health Insurance Portability and Accountability Act (HIPAA) changed the landscape for how healthcare organizations handle sensitive information. As a result, organizations implemented comprehensive changes and improvements to security practices in the areas of data access protection, storage, monitoring and auditing, along with ongoing assessments of how and by whom data is being accessed.

However, the scope of compliance extends well beyond just meeting HIPAA regulations. Compliance concerns are compounded by HITECH, SAMHSA, COBIT, PCI and others. Often, organizations implement specific modules for each area of concern (the “a la carte” method), leaving them with a complex, disjointed mix of products and modules that are difficult to manage, inefficient and expensive, have redundant capabilities, leave gaps in coverage and fail to provide the complete visibility required.

The “a la carte” method fails to comprehensively identify new and advanced threats facing the industry. Due to the personal nature of health information, past health data breaches such as those at AvMed Health Plans and the Philadelphia Family Planning Council have attracted increased scrutiny and sensitivity. A siloed approach to data monitoring prevents organizations from gaining a holistic view of the threats facing them. This means that many advanced threats and abnormal behaviors go unnoticed, or are identified only after the incident has occurred and customer trust has been compromised.

Healthcare organizations need solutions that cover the broad landscape of compliance and operational requirements. Security information and event management (SIEM) and log management technologies can deliver a unified view of compliance for the entire organization, not just what a particular regulation or standard requires. SIEM and log management require an integrated approach to all logging, monitoring, auditing and reviewing activities for a healthcare organization’s compliance and operational concerns. The results from an integrated approach using SIEM and log management break through the data silos and proactively monitor and deter abnormal user activity. This not only meets compliance requirements more efficiently, but helps protect organizations against the latest threats.

Multi-dimensional approach to healthcare and SIEM
The traditional approach to SIEM and log management focuses on three main areas: operations, security and compliance. In the operations area, SIEM solutions monitor and analyze the health of the network, watching for events that can affect overall performance, failures and availability of the network and servers. In terms of security, SIEM solutions help organizations analyze and assess their risk posture, helping them identify aberrant behavior and potential threats to their infrastructure. Compliance needs are addressed using log management and are traditionally offered as individual modules that address the requirement of individual laws or regulations. For example, a HIPAA module will come with a prescribed set of rules for logging events for HIPAA requirements, while a PCI module has its own set of rules for logging events. The lack of integration between these compliance modules creates complexity, inefficiency, ineffectiveness and functionality gaps.

It is no longer sufficient for traditional SIEM and log management solutions to simply collect logs from network servers, workstations and other devices. The different applications and systems in a healthcare organization might each produce between several hundred and several thousand event logs per minute. That’s simply too much information for a manager to manually compile, digest, analyze and correlate to produce a meaningful report. The complexity and difficulty rise significantly as the number of individuals in the organization increases.

In order to achieve a meaningful, complete healthcare solution, SIEM and log management offerings must break through the data silos and correlate all relevant compliance, operational, security and privacy events from a variety of systems and sources into a single view to give administrators and managers comprehensive visibility into all relevant areas of concern for their entire enterprise. In addition, and most importantly, IT organizations need to tie SIEM and log management events to user identities so they not only know when a certain event occurred, but who was involved in that event.

User identity correlation and normalization
The ability to account for user activity is a much needed component that is noticeably absent from most traditional solutions. The ability to pull together multiple pieces of identity-based information from multiple sources and then automatically normalize and make sense of that information allows organizations to more accurately identify who did what and when – a critical component in terms of satisfying the risk management criteria of new regulations.

To address this lack of user correlation, some organizations might deploy an identity management system in conjunction with their SIEM solution. However, most identity management solutions don’t include the integration with SIEM products required to tie events back to specific users. Unless the SIEM solution provides out-of-the-box identity management integration, organizations will be left to expend significant resources in an attempt to create the level of integration required, if it is even possible, to correlate and normalize events completely and accurately by specific user and role.

The challenge of creating this level of integration from scratch is exacerbated by the fact that the identity management system needs to understand all the different usernames and logins that individuals use in all the different applications being monitored by the SIEM.

The most practical way to address this level of user monitoring is to ask solution providers if their SIEM product has the built-in ability to monitor, correlate and normalize individual user activity in all of an organization’s different systems, no matter what the user ID is in that system.
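The normalization and correlation described above, as an added illustration that is not Novell's code or any product's implementation: constructed events from three systems carry three different login formats for the same person; an identity map resolves each raw ID to one canonical user, events are grouped per person, and a sample rule then flags activity that is only visible once the chain is joined across systems. The identity map, event records and rule are all assumptions made for the example.

```python
"""Added example: resolve per-system user IDs to one identity, then correlate."""
from collections import defaultdict

# Constructed identity map: canonical person -> the login used in each system.
IDENTITY_MAP = {
    "jsmith": {"ad": "CORP\\jsmith", "ehr": "smithj", "vpn": "john.smith@example.org"},
    "alee":   {"ad": "CORP\\alee",   "ehr": "leea",   "vpn": "a.lee@example.org"},
}

# Constructed raw events: (source system, raw user id, action, detail).
EVENTS = [
    ("vpn", "john.smith@example.org", "login", "src=203.0.113.5"),
    ("ehr", "smithj", "view_record", "patient:1001"),
    ("ehr", "smithj", "view_record", "patient:1002"),
    ("ehr", "smithj", "export_records", "batch:500"),
    ("ad", "CORP\\alee", "logon", "WS-12"),
    ("ehr", "leea", "view_record", "patient:1001"),
    ("ehr", "unknown99", "view_record", "patient:1003"),  # no identity on file
]

def build_lookup(identity_map):
    """Invert the map so (system, raw_id) resolves to a canonical identity."""
    lookup = {}
    for person, logins in identity_map.items():
        for system, raw_id in logins.items():
            lookup[(system, raw_id)] = person
    return lookup

def normalize(events, lookup):
    """Attach a canonical identity to every event; unmapped IDs are kept, not dropped."""
    return [(lookup.get((system, uid), f"UNMAPPED:{system}:{uid}"), system, action, detail)
            for system, uid, action, detail in events]

def correlate(normalized):
    """Group events by person so the whole activity chain is visible in one place."""
    timeline = defaultdict(list)
    for person, system, action, detail in normalized:
        timeline[person].append((system, action, detail))
    return dict(timeline)

def flag_remote_export(timeline):
    """Sample rule: a person who exported records and also logged in over VPN.
    Neither system alone shows this; only the identity-joined timeline does."""
    return sorted(p for p, acts in timeline.items()
                  if any(a == "export_records" for _, a, _ in acts)
                  and any(s == "vpn" and a == "login" for s, a, _ in acts))

def unmapped(timeline):
    """Raw IDs the identity system does not know; a coverage gap to close, not ignore."""
    return sorted(p for p in timeline if p.startswith("UNMAPPED:"))
```

Running `flag_remote_export(correlate(normalize(EVENTS, build_lookup(IDENTITY_MAP))))` returns `['jsmith']`, and `unmapped` on the same timeline surfaces the one login no identity record covers.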

Recent regulations have presented healthcare organizations with an opportunity to streamline their security and event data. While traditional SIEM and log management solutions have done part of the job, an integrated approach that includes identity management is necessary in order to maintain compliance and proactively prevent breaches from occurring. Healthcare organizations that practice an identity-centric, integrated strategy will not only be more secure, but more intelligent in preventing attacks.

About the author
Brian Singer is a senior solution marketing manager for security management, Novell. For more information on Novell: www.novell.com.


Copyright 2011 NP Communications LLC,
2506 Tamiami Trail North, Nokomis, FL 34275