U.S. primary healthcare system CommuniCare chooses FileAudit for HIPAA and PCI DSS compliance
- CommuniCare Health Centers
- Healthcare
- United States
CommuniCare Health Centers is a full-service primary healthcare system with 14 locations serving Bexar, Kendall and Hays counties in the state of Texas, USA. The centre offers an array of services including paediatric and family medicine, senior care, women’s health, dental and behavioural health.
The organisation has 450 employees including highly-trained healthcare providers who need access to electronic health records to deliver integrated primary care. It is therefore imperative for all locations to meet and exceed national compliance requirements including the Health Insurance Portability and Accountability Act of 1996 (HIPAA) for patient information and Payment Card Industry Data Security Standard (PCI DSS) for any patient payment information.
Part of CommuniCare’s security strategy is to have a layered approach to its network with access to files restricted based on job function.
U.S. HIPAA compliance standards require health care providers to develop and follow procedures that ensure the confidentiality and security of protected health information when it is transferred, received, handled, or shared. As a healthcare organisation dealing with confidential patient data, CommuniCare was looking for a solution to help monitor file access and movement, including reading and writing, of files on its network.
The file auditing software the IT team had previously implemented to help monitor file access wasn't granular enough to safely manage and monitor file access.
Some employees are data owners, which means they are effectively network administrators who can create, edit, modify, share, and restrict access to data. But not all of these data owners are IT-savvy, so CommuniCare specifically wanted to find a security solution that was suitably robust, yet very easy to use.
The Solution
CommuniCare’s IT team discovered IS Decisions’ FileAudit after a comprehensive audit of product reviews in the media.
FileAudit offers real-time monitoring of file access making it easy to see what’s happening with data, and when it happens, so IT can take action if any suspicious activity is detected.
FileAudit's reporting features were also granular enough to meet the IT team’s file auditing requirements.
This granular level of file access management helps CommuniCare meet and exceed the regulatory requirements for both HIPAA and PCI DSS.
What's more, FileAudit is also ideal for non-IT-savvy data owners who need to easily read and analyze normal types of logs.
During the 20-day trial, the IT team monitored two different servers and had time to familiarise themselves with the reporting and real-time auditing processes. The team took a couple of days to familiarise themselves with FileAudit and how it works, but the implementation itself took no more than 20 minutes. The trial helped CommuniCare make the decision to purchase.
FileAudit provides a baseline of activity for each user, which helps in identifying file reads and writes that are not normal. Once IT has a clear picture of user activity, it's easy to detect abnormal behavior. If they receive an alert showing an unusually high number of file reads, for example, the IT team can react immediately to stop the threat.
CommuniCare started using FileAudit in 2016.
"FileAudit does exactly what it says on the tin. It monitors and audits how files are accessed by employees on a granular level based on their job function. The user interface is very well designed so you don’t have to be tech savvy to use it which was important to our administrators who don’t have an IT background."
Sebastian Hernandez - Information Systems Manager