Case study

US primary healthcare system CommuniCare, chooses FileAudit for HIPAA and PCI DSS compliance

  • Customer

    CommuniCare Health Centers

  • Industry

    Healthcare

  • Geography

    United States

FileAudit does exactly what it says on the tin. It monitors and audits how files are accessed by employees on a granular level based on their job function.

Sebastian Hernandez,
Information Systems Manager of CommuniCare Health Centers

CommuniCare Health Centers is a full-service primary healthcare system with 14 locations serving Bexar, Kendall and Hays counties in the state of Texas, USA. The centre offers an array of services including paediatric and family medicine, senior care, woman’s health, dental and behavioural health.

The organisation has 450 employees including highly-trained healthcare providers who need access to electronic health records to deliver integrated primary care. It is therefore imperative for all locations to meet and exceed national compliance requirements including the Health Insurance Portability and Accountability Act of 1996 (HIPAA) for patient information and Payment Card Industry Data Security Standard (PCI DSS) for any patient payment information.

Part of CommuniCare’s security strategy is to have a layered approach to its network with access to files restricted based on job function.

The Challenge To track abnormal user access and movement of electronic health records


The HIPAA regulations require health care providers to develop and follow procedures that ensure the confidentiality and security of protected health information when it is transferred, received, handled, or shared. As a healthcare organisation dealing with confidential patient data, CommuniCare required a solution that will help monitor the access and movement, including reading and writing, of files on its network.

The software solutions that the IT team had previously implemented to help monitor access to files did not meet the granular level that was required to safely manage and monitor file access.

Some of the employees at the healthcare centre are data owners, which means that they are effectively network administrators who have the ability to create, edit, modify, share and restrict access to data. But not all of these data owners are IT-savvy so CommuniCare specifically wanted to find a security solution that was suitably robust, yet very easy to use.

The Solution Granular access security to meet regulatory compliance alongside easy transparency for data owners who are not tech-savvy


CommuniCare’s IT team discovered IS Decisions’ FileAudit solution after a comprehensive audit of product reviews in the media.

FileAudit offers real-time monitoring of file access making it easy to see what’s happening with data, when it happens, so action can be taken if any suspicious activity is detected. Its reporting features were also granular enough to meet the IT team’s file auditing requirements. This granular level of access management helped CommuniCare meet and exceed the regulatory requirements of both HIPAA and PCI DSS. However, FileAudit was also ideal for the non IT-savvy data owners who need to easily read and analyse normal types of logs.

FileAudit

During the 30-day trial, the IT team monitored two different servers and had time to familiarise themselves with the reporting and real-time auditing processes. The team took a couple of days to familiarise themselves with FileAudit and how it works, but the implementation itself took no more than 20 minutes. The trial helped CommuniCare make the decision to purchase full FileAudit licences.

The Benefits A robust security solution that is simple to use


FileAudit can provide a baseline of activity for each user which helps in identifying file reads and writes that are not normal. Once there is a clear picture of user activity, it is easy to detect abnormal behaviour. If an alert is received showing that there is an unusually high number of file reads for example, the IT team will be able to immediately stop the threat.

Sebastian Hernandez, Information Systems Manager of CommuniCare Health Centers said: “FileAudit does exactly what it says on the tin. It monitors and audits how files are accessed by employees on a granular level based on their job function. The user interface is very well designed so you don’t have to be tech savvy to use it which was important to our administrators who don’t have an IT background.”

CommuniCare started using FileAudit in the beginning of 2016 and is currently on version 5.

  • 30-day free trial

    Get your 30-day free trial now and secure your Windows network with FileAudit

    Download free trial

    Learn more about FileAudit

  • Challenge

    As a healthcare organisation dealing with confidential patient data, CommuniCare Health Centers required a solution to track abnormal user access and movement of electronic health records.

  • Solution

    FileAudit’s real-time and granular access security makes it easy to see what’s happening with data, when it happens, so action can be taken if any suspicious activity is detected.

  • Result

    FileAudit helps CommuniCare meet and exceed the regulatory requirements of both HIPAA and PCI DSS.

Video Presentation
FileAudit video Watch the video
Some other FileAudit customers