Universities are facing unique challenges with respect to endpoint data protection. Because of the mix of employees, researchers, students, and visiting professionals, more mobile healthcare data is traveling around on laptops and tablets that are not under direct IT governance. This makes meeting HIPAA compliance requirements challenging without new tools to help address the situation. One of the most common ways for a data breach to occur is when protected health information is lost via a stolen laptop. For example, recently at Howard University Hospital, a laptop was stolen that had protected health information impacting as many as 34,000 patients.
University hospitals are also needing to reevaluate their backup, retention, and data protection processes. Recently, Emory University Hospital breached 315,000 patient records when their old physical backup disks went missing. Backup and retention techniques that are less dependent on physical media is a path to avoiding such incidents.
As university hospitals increasingly move to electronic medical records, there will need to be additional urgency to address endpoint data protection, automated data retention, and secure and auditable access on mobile devices. University IT personnel should look for solutions that can be deployed on university owned equipment as well as BYOD devices. Any solution should be easy to deploy and administer at scale. Solutions should encrypt data on the endpoint before moving across the network and should remain encrypted at all times. Solutions should also be WAN-optimized (through global data deduplication) so as not to tax already strained Wi-Fi networks operating within the hospitals. Finally, your solution should enable you to remotely destroy the HIPAA-sensitive data on the lost or stolen device.
If you are a university hospital IT professional, you can learn more about new tools to address these challenges with Datacastle RED.