GlobalSign® Solutions

The Healthcare industry is a challenging environment in which to provide effective security, with growing pressures to meet strict budgets and regulations it is becoming ever more complex for healthcare organizations to ensure patient care is not compromised as a result. A balance between procedural effectiveness and patient care has to be upheld, especially as today’s healthcare authorities face increasing pressures to meet the standards of competitive healthcare organizations, changing regulations, as well as patient confidentiality.

Organization Drivers
As a highly paper intensive and budget restricted industry, healthcare organizations are striving to achieve greater efficiency by automating business processes, streamlining communications and reducing the volume of paperwork - increasing customer satisfaction levels, whilst ensuring their network infrastructure remains secure. Customers are more conscious about the protection of their personal data, even more so within healthcare organizations which hold highly confidential details regarding an individual’s medical status.

Regulatory Compliance
All healthcare organizations have to comply with numerous Government stipulated regulations regarding security of networks, documents and information. These include the Health Insurance Portability and Accountability Act (HIPAA), the Food & Drug Administration Code of Federal Regulations (FDA CFR) and the Sarbanes-Oxley Act (SOX). It is therefore significantly important that healthcare organizations have the necessary security policies in place to allow these regulations to be firmly met.

HIPAA 1996 - set national standards regarding privacy and security of medical records designed to improve the efficiency of the healthcare system by encouraging widespread use of electronic data interchange, rather than by paper based methods. HIPAA requires healthcare organizations to conduct thorough IT risk assessment as well as develop and implement a plan for improving and maintaining security.

FDA 21 CFR Part 11 1997 - defines the principle of which electronic records and digital signatures are considered to be trustworthy, reliable, and equivalent to paper records. These standards for use of electronic records and digital signatures were introduced as a response to soaring costs associated with managing the distribution, storage, and retrieval of records – particularly in the healthcare industry where budget could to be allocated to more beneficial resources. Additionally, security concerns surrounding wet ink signatures emerged as it became evident that these signatures including the content they were assigned to could be easily falsified.

SOX 2002 - requires publicly listed companies to implement and maintain increased controls with regards to financial reporting processes in response to serious accounting scandals of the past. Public organizations must provide an annual internal control report stating the responsibility of management for establishing and maintaining an adequate internal control structure and procedures for financial reporting.