The convenience and benefits that patients and healthcare providers derive from electronic access to medical records have greatly improved patient care and the ability to provide highly customized, expert treatment protocols. Yet this gain is somewhat offset because the healthcare industry is inundated with policies and compliance acts that healthcare administrators must adhere to and IT departments have no choice but to enforce. Mandates related to protected health information (PHI) contained in electronic medical records (EMRs) and Health Information Exchanges (HIE) are at the top of a long list of compliance protocols that rely on technology to reduce consumer privacy risks and protect patient information.
Guidelines are available for healthcare risk management professionals via new compliance drivers such as the 2009 HITECH Act, which extends HIPAA regulations to protect against vulnerabilities in sensitive applications, databases and systems which possess inherent security risks. Based on these drivers, auditors now impose mandatory data breach notifications, heightened enforcement, increased penalties and expanded patient rights to monitor compliance vulnerabilities.
There are rewards, however, for implementing IT security measures to protect patient privacy. On February 13th, 2009, the U.S. Congress passed the American Recovery and Reinvestment Act (also known as the "Stimulus Bill"), sending hundreds of billions of dollars of federal funding to lift our economy. A central component of the bill is over $30 billion in rewards for healthcare institutions that bring electronic health records (EHR) into their facilities and use them to improve the health of their patients. As President Obama signed the bill into law, he declared it to be "the most meaningful step in years towards modernizing our health care system."
The IT security element that applies to the core set of 15 Meaningful Use (MU) eligibility requirements is as follows:
- Objective: Implement systems to protect privacy and security of patient data in the EHR
- Measurement: Conduct or review a security risk analysis, implement security updates as necessary, and correct identified security deficiencies
Detailed information on Meaningful EHR Use rewards and eligibility can be found on this site: http://www.nycreach.org/site/use
Moving to a least privileges environment is a key step in meeting the objective noted above and becoming eligible for meaningful use credits. The fundamental layer of protection offered by locking down desktops protects the privacy and security of patient data in the EHR and guards medical institutions from unwanted security breaches. Healthcare providers are increasingly turning to Viewfinity for a privilege management solution that adds that extra layer of IT security protection. Viewfinity offers robust reporting that audits and validates activity on sensitive healthcare applications, as well as capabilities to monitor privileged users who are enforcing policy rules. Establishing a least privileges environment means less vulnerability to hackers, less chance of malware being introduced, and a reduced potential for costly security breaches. The end result: increased security and an enhanced ability to earn Meaningful EHR Use credits.
Viewfinity’s healthcare customer, EagleMed, was the winner of the 2011 Info Security Products Best Deployment for Least Privilege Management Compliance. Learn how EagleMed uses Viewfinity Privilege Management to ensure HIPAA compliance.
Info Security Products Guide Awards: EagleMed LLC, Winner of the 2011 Best Deployment Scenario for Least Privilege Management
Viewfinity’s customer EagleMed LLC Selected as a Winner for Least Privilege Management Compliance
Key Considerations:
- Complying with HIPAA, HITECH, State Privacy Laws, e-Discovery and other compliance mandates
- Earning Meaningful EHR Use payment credits (http://www.nycreach.org/site/use)
- Auditing and validating activity on sensitive healthcare applications
- Monitoring privileged users who are enforcing policy rules
- Eliminating security risks by providing administrative rights to Windows applications and processes rather than allowing full administrative rights to end users
- Reducing the probability of malicious and virus attacks on corporate laptops & desktops
- Decreasing server security risks by separating responsibilities and only elevating permissions for the appropriate server role to manage the necessary components
- Restricting the use of applications that create security risks
- Managing remote and mobile endpoints so they are in full compliance with corporate policies
Select Customers:
- EagleMed
- University Emergency Physicians
- UC Davis Health System
- Insulet Corporation
- American Board of Oral and Maxillofacial Surgery