Healthcare System Secures Research Database of Electronic Medical Records

Company Overview

A university healthcare system featuring 4 hospitals with over 500 beds, and involved in more than 1,000 medical research projects.

Case Summary:

Industry: Healthcare

Challenge: Provide selected EMR for research in compliance with HIPAA regulations, and isolate the sensitive research network.

Solution: OPDS-100 data diodes deployed.

Benefits: One-way data flow ensures EMR database network is secure from external cyber threats, while allowing researchers to access authorized PHI.

Cybersecurity Challenge

The healthcare system maintains a database of hundreds of thousands of electronic medical records (EMR) containing Protected Health Information (PHI). To access EMR, hospital personnel use healthcare management software which restricts them to only the patient they are treating. However, university researchers could bypass these software system safeguards and had full access to the EMR database, beyond what was authorized for research – a HIPAA violation. The organization required a controlled way to allow access to authorized EMR for research, in a manner compliant with HIPAA regulations.

Requirements:

  • Create a new isolated and controlled network where researchers can view selected patient records in compliance with HIPAA
  • Preserve EMR access through the healthcare management software for healthcare workers with access privileges

Use Case | Before


Solution

OPDS-100 was selected to isolate the EMR research network and create a subset of research PHI data from the full database. Data diodes enabled deterministic, one-way transfer of EMR data into a controlled research database.

Use Case | After

Deployment

Solutions:

Owl Perimeter Defense Solution – 100 (OPDS-100)
Self-contained 1U data diode, purpose-built for network segmentation and deterministic, one-way data transfer.

Results

  1. Created secure, hardware-enforced boundary around the EMR research network, isolating the researchers from the full EMR database
  2. Ensured compliance with HIPAA regulations for EMR & PHI access
  3. Allowed research staff to continue analysis on selected approved patient records