Crafting the security roadmap

December 28, 2012 by MassDevice

By John D. Halamka, MD


Per the theme of security assessment I've been posting about, part of crafting a multi-year security roadmap is examining technologies and practices that have limited use in healthcare but are widely deployed in other industries.

Application Security Testing - Vendor applications, including those with FDA 510(k) clearance, may contain security vulnerabilities. Testing third-party products with source code analysis tools can find defects that traditional vulnerability scanners miss, because a network scanner only probes the running system from the outside and never sees the flawed code path. Where a vendor will not share source, dynamic or binary application testing is the fallback. Related to application testing is third-party vendor management. Testing and verifying the security of cloud-hosted service providers and business associates is becoming a best practice.


Data Loss Prevention - Although many healthcare organizations have strict policies on the use of email, social networking, cloud storage, remote access, and mobile devices, it is increasingly important to have technology in place that enforces those policies and stops users from sending data to unsecured locations, for example sending patient information to a referring clinician who uses Gmail. Many vendors offer appliances that quarantine, notify, restrict, and manage the flow of email containing personally identifiable information or protected health information (PHI). The value of such an appliance depends on how accurately it recognizes PHI: rules that are too broad flood the quarantine with false positives, and rules that are too narrow miss real leaks. Related to DLP is a strategy to prevent the use of unencrypted removable storage: thumb drives, DVDs, CDs, and so on.
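To make the quarantine/notify/allow decision concrete, here is a small outbound-email policy check written for this page; it is an added illustration, not code from the original post or from any vendor appliance. It assumes a hypothetical list of secured recipient domains (SECURED_DOMAINS, standing in for business associates with enforced TLS), a hypothetical "[secure]" subject tag that hands mail to an encryption gateway, and narrow PHI patterns (SSN, MRN, DOB, diagnosis terms) chosen to keep false positives down. The sample messages are constructed and contain no real patient data.

```python
"""Minimal outbound-email DLP policy check (added illustration, not a vendor product).

Assumptions (not from the original post): domains in SECURED_DOMAINS are
covered by a business associate agreement and enforced TLS; a "[secure]"
subject tag routes the message through an encryption gateway, so tagged
mail is allowed even to an unsecured domain.
"""
import re
from dataclasses import dataclass, field

# Hypothetical set of domains the organization treats as secured destinations.
SECURED_DOMAINS = {"hospital.example", "partnerclinic.example"}

# Hypothetical subject tag that (by assumption) triggers gateway encryption.
SECURE_TAG = "[secure]"

# Deliberately narrow PHI indicators. Real products add contextual terms and
# document fingerprinting; a bare 9-digit number would match far too much.
PHI_PATTERNS = {
    "ssn": re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),
    "mrn": re.compile(r"\bMRN\s*[:#]?\s*\d{6,10}\b", re.IGNORECASE),
    "dob": re.compile(r"\bDOB\s*[:#]?\s*\d{1,2}/\d{1,2}/\d{4}\b", re.IGNORECASE),
    "diagnosis": re.compile(r"\b(?:diagnos(?:is|ed)|ICD-10)\b", re.IGNORECASE),
}


@dataclass
class Verdict:
    action: str                                  # "allow", "notify", or "quarantine"
    indicators: list = field(default_factory=list)
    external_domains: list = field(default_factory=list)


def recipient_domain(address: str) -> str:
    """Return the lower-cased domain part of an email address."""
    return address.rsplit("@", 1)[-1].strip().lower()


def find_phi(text: str) -> list:
    """Return the names of the PHI patterns that match anywhere in text."""
    return [name for name, rx in PHI_PATTERNS.items() if rx.search(text)]


def evaluate(message: dict) -> Verdict:
    """Decide what to do with one outbound message.

    message keys: "from", "to" (list of addresses), "subject", "body".
    Policy: no PHI -> allow; PHI only to secured domains -> notify (log and
    deliver); PHI to any unsecured domain -> quarantine, unless the sender
    tagged the subject with SECURE_TAG, in which case the gateway encrypts it.
    """
    indicators = find_phi(message["subject"] + "\n" + message["body"])
    if not indicators:
        return Verdict("allow")

    external = sorted({recipient_domain(r) for r in message["to"]
                       if recipient_domain(r) not in SECURED_DOMAINS})
    if not external:
        return Verdict("notify", indicators)
    if SECURE_TAG in message["subject"].lower():
        # Assumed to be encrypted downstream; still record what was found.
        return Verdict("allow", indicators, external)
    return Verdict("quarantine", indicators, external)


# Constructed sample messages (no real patient data).
SAMPLE_MESSAGES = [
    {"from": "dr.smith@hospital.example", "to": ["referrals@gmail.com"],
     "subject": "Referral for Mr. Jones",
     "body": "Patient DOB: 04/12/1961, MRN 00123456, diagnosed with ..."},
    {"from": "dr.smith@hospital.example", "to": ["oncology@partnerclinic.example"],
     "subject": "Referral for Mr. Jones",
     "body": "MRN: 00123456 attached as discussed."},
    {"from": "dr.smith@hospital.example", "to": ["referrals@gmail.com"],
     "subject": "[SECURE] Referral for Mr. Jones",
     "body": "MRN 00123456; please reply through the portal."},
    {"from": "dr.smith@hospital.example", "to": ["friend@gmail.com"],
     "subject": "Lunch?",
     "body": "Call me at 617-555-0100 about Thursday."},
]


def run_samples() -> list:
    """Return the action chosen for each sample message, in order."""
    return [evaluate(m).action for m in SAMPLE_MESSAGES]


if __name__ == "__main__":
    for m in SAMPLE_MESSAGES:
        v = evaluate(m)
        print(f"{v.action:10} to={m['to']} indicators={v.indicators}")
```

The fourth sample shows why the SSN pattern insists on the 3-2-4 dash layout: a phone number such as 617-555-0100 is never flagged. The first sample shows the quarantine case the post describes, a referral with identifiers going to a Gmail address; the same content to a secured partner domain is only logged.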