GlobalSign® Solutions

The Healthcare industry is a challenging environment in which to provide effective security. Healthcare organisations confront increasing pressures to meet strict budgets and regulations and to ensure patient care is optimum. To close the gap between strict budgets and responding to the mandate to deliver optimum patient care, effectiveness of process is relied upon. On top of this, healthcare organisations also face the pressures of meeting standards, changing regulations, gaining competitive leadership, and upholding patient related information as strictly confidential.

Organisation Drivers
Healthcare organisations are highly paper intensive and budget restricted. To achieve greater efficiency, a proposed solution is to automate business processes, streamline communications and reduce the volume of paperwork. As a result, healthcare organisations aim for patient satisfaction levels to increase whilst ensuring that privacy and confidentiality of information are secured. Given automation, healthcare organisations need to make sure their network infrastructure are secure from prying eyes. Patients are more conscious about the protection of their personal data, even more so within healthcare organisations which hold highly confidential details regarding an individual's medical status.

Regulatory Compliance
All healthcare organisations are required to comply with numerous Government stipulated regulations regarding security of networks, documents and information. These include the Health Insurance Portability and Accountability Act (HIPAA), the Food & Drug Administration Code of Federal Regulations (FDA CFR) and the Sarbanes-Oxley Act (SOX). It is therefore significantly important that healthcare organisations have the necessary security policies in place to allow these regulations to be firmly met.

HIPAA 1996 - set national standards regarding privacy and security of medical records designed to improve the efficiency of the healthcare system by encouraging widespread use of electronic data interchange, rather than by paper based methods. HIPAA requires healthcare organisations to conduct thorough IT risk assessment as well as develop and implement a plan for improving and maintaining security.

FDA 21 CFR Part 11 1997 - defines the principle of which electronic records and digital signatures are considered to be trustworthy, reliable, and equivalent to paper records. These standards for use of electronic records and digital signatures were introduced as a response to soaring costs associated with managing the distribution, storage, and retrieval of records – particularly in the healthcare industry where budget could to be allocated to more beneficial resources. Additionally, security concerns surrounding wet ink signatures emerged as it became evident that these signatures including the content they were assigned to could be easily falsified.

SOX 2002 - requires publicly listed companies to implement and maintain increased controls with regards to financial reporting processes in response to serious accounting scandals of the past. Public organisations must provide an annual internal control report stating the responsibility of management for establishing and maintaining an adequate internal control structure and procedures for financial reporting.