Technology is changing how providers and payers deliver healthcare, but the sensitivity of health information hasn’t changed. HIPAA and HITECH require organizations to safeguard the confidentiality, availability, and integrity of protected health information (PHI), and new mandatory disclosure rules mean that any exposure of data can result in fines, loss of business, and litigation. As a result, healthcare organizations need security controls to ensure data in the cloud is protected from theft or loss. Skyhigh helps you enforce your security and compliance policies so you can securely enable cloud services, thereby complying with regulatory requirements and internal policies.
The average healthcare organization uses 780 cloud services, many of them unknown to IT. Skyhigh discovers all cloud services in use and provides detailed risk ratings for each service, enabling you to quickly understand the risk to your organization, such as Heartbleed-vulnerable services, and how your risk compares with peers in the industry.
Skyhigh extends your data loss prevention policies to data in the cloud, ensuring that protected health information (PHI) and other sensitive data are not stored or shared in the cloud in violation of policies. For example, Skyhigh can prevent a hospital employee from entering patient data in Google Docs or sharing a sensitive document in Box with an external party.
Organizations are exempt from the HIPAA breach notification rule if breached data was made indecipherable using encryption. Skyhigh encrypts data in the cloud using your own encryption keys, rendering protected data indecipherable to all third parties including the cloud provider and removing the costly breach notification requirement.
Many companies block certain high-risk services as defined by their security and compliance policies. However, these policies are inconsistently applied due to the introduction of new cloud service URLs, inconsistent policies across firewalls and proxies, and exception sprawl. Skyhigh identifies these policy enforcement gaps and leverages your existing firewall and proxy infrastructure to close them – via user coaching, allowing partial access such as read-only access, and blocking.
Manage “shadow IT” by enforcing coarse and granular access control policies leveraging your existing firewalls and proxies. For example, block access to high-risk services or educate employees to use company-sanctioned services or enable read-only access to social media sites.
Based on anonymized data from over 1.6 million healthcare employees, this is the definitive guide to cloud adoption and risk statistics for healthcare organizations.