Just what the doctor ordered
Technology is changing how providers and payers deliver healthcare, but the sensitivity of health information hasn’t changed. HIPAA and HITECH require organizations to safeguard the confidentiality, availability, and integrity of protected health information (PHI) and new mandatory disclosure rules mean that any exposure of data can result in fines, loss of business, and litigation. As a result, healthcare organizations need security controls to ensure data in the cloud is protected from theft or loss. McAfee helps you enforce your security and compliance policies so you can securely enable cloud services, thereby complying with regulatory requirements and internal policies.
How McAfee Helps
Gain complete visibility into the size and risk of cloud usage
The average healthcare organization uses 780 cloud services, many of them unknown to IT. McAfee discovers all cloud services in use and provides detailed risk ratings for each service, enabling you to quickly understand the risk to your organization such as Heartbleed-vulnerable services and how your risk compares with peers in the industry.
Control the flow of protected health information
McAfee extends your data loss prevention policies to data in the cloud, ensuring that protected health information (PHI) and other sensitive data is not stored or shared in the cloud in violation of policies. For example, McAfee can prevent a hospital employee from entering patient data in Google Docs or sharing of a sensitive document in Box to an external party.
Nullify breach notification requirements
Organizations are exempt from the HIPAA breach notification rule if breached data was made indecipherable using encryption. McAfee encrypts data in the cloud using your own encryption keys, rendering protected data indecipherable to all third parties including the cloud provider and removing the costly breach notification requirement.
Find and close enforcement gaps
Many companies block certain high-risk services as defined by their security and compliance policies. However, these policies are inconsistently applied due to the introduction of new cloud service URLs, inconsistent policies across firewalls and proxies, and exception sprawl. McAfee identifies these policy enforcement gaps and leverages your existing firewall and proxy infrastructure to close them – via user coaching, allowing partial access such as read-only access, and blocking.
Deploy Coarse and Granular Security Policies
Manage “shadow IT’ by enforcing coarse and granular access control policies leveraging your existing firewalls and proxies. For example, block access to high-risk services or educate employees to use company-sanctioned services or enable read-only access to social media sites.