US primary healthcare system CommuniCare, chooses FileAudit for HIPAA and PCI DSS compliance

  • Customer

    CommuniCare Health Centers

  • Industry

    Healthcare

  • Geography

    United States

FileAudit does exactly what it says on the tin. It monitors and audits how files are accessed by employees on a granular level based on their job function.

Sebastian Hernandez,
Information Systems Manager of CommuniCare Health Centers

  • Challenge: As a healthcare organisation dealing with confidential patient data, CommuniCare Health Centers required a solution to track abnormal user access and movement of electronic health records.

  • Solution: FileAudit’s real-time and granular access security makes it easy to see what’s happening with data, when it happens, so action can be taken if any suspicious activity is detected.

  • Result: FileAudit helps CommuniCare meet and exceed the regulatory requirements of both HIPAA and PCI DSS.

CommuniCare Health Centers is a full-service primary healthcare system with 14 locations serving Bexar, Kendall and Hays counties in the state of Texas, USA. The centre offers an array of services including paediatric and family medicine, senior care, woman’s health, dental and behavioural health.

The organisation has 450 employees including highly-trained healthcare providers who need access to electronic health records to deliver integrated primary care. It is therefore imperative for all locations to meet and exceed national compliance requirements including the Health Insurance Portability and Accountability Act of 1996 (HIPAA) for patient information and Payment Card Industry Data Security Standard (PCI DSS) for any patient payment information.

Part of CommuniCare’s security strategy is to have a layered approach to its network with access to files restricted based on job function.

The Challenge To track abnormal user access and movement of electronic health records

The HIPAA regulations require health care providers to develop and follow procedures that ensure the confidentiality and security of protected health information when it is transferred, received, handled, or shared. As a healthcare organisation dealing with confidential patient data, CommuniCare required a solution that will help monitor the access and movement, including reading and writing, of files on its network.

The software solutions that the IT team had previously implemented to help monitor access to files did not meet the granular level that was required to safely manage and monitor file access.

Some of the employees at the healthcare centre are data owners, which means that they are effectively network administrators who have the ability to create, edit, modify, share and restrict access to data. But not all of these data owners are IT-savvy so CommuniCare specifically wanted to find a security solution that was suitably robust, yet very easy to use.

The Solution Granular access security to meet regulatory compliance alongside easy transparency for data owners who are not tech-savvy

CommuniCare’s IT team discovered IS Decisions’ FileAudit solution after a comprehensive audit of product reviews in the media.

FileAudit offers real-time monitoring of file access making it easy to see what’s happening with data, when it happens, so action can be taken if any suspicious activity is detected. Its reporting features were also granular enough to meet the IT team’s file auditing requirements. This granular level of access management helped CommuniCare meet and exceed the regulatory requirements of both HIPAA and PCI DSS. However, FileAudit was also ideal for the non IT-savvy data owners who need to easily read and analyse normal types of logs.

FileAudit

During the 20-day trial, the IT team monitored two different servers and had time to familiarise themselves with the reporting and real-time auditing processes. The team took a couple of days to familiarise themselves with FileAudit and how it works, but the implementation itself took no more than 20 minutes. The trial helped CommuniCare make the decision to purchase full FileAudit licences.

The Benefits A robust security solution that is simple
to use

FileAudit can provide a baseline of activity for each user which helps in identifying file reads and writes that are not normal. Once there is a clear picture of user activity, it is easy to detect abnormal behaviour. If an alert is received showing that there is an unusually high number of file reads for example, the IT team will be able to immediately stop the threat.

CommuniCare started using FileAudit in the beginning of 2016.

FileAudit does exactly what it says on the tin. It monitors and audits how files are accessed by employees on a granular level based on their job function. The user interface is very well designed so you don’t have to be tech savvy to use it which was important to our administrators who don’t have an IT background.

Sebastian Hernandez
Information Systems Manager of CommuniCare Health Centers

20-DAY FREE TRIAL

Get your 20-day free trial now and secure your Windows network with FileAudit

Free Trial Discover FileAudit

More Case studies?

Read more reviews from our FileAudit customers.

Discover