A Multifaceted Approach to Healthcare Breach Prevention

 


Dai Snyder, Delegated Oversight Program Manager of the Care Coordination Institute (CCI), sat down with Marianne Kolbasuk McGee at Healthcare Info Security for a podcast interview on Snyder’s multifaceted breach prevention efforts.

CCI manages over 4 million patient records, which makes it a target for insider threats and cyber attacks.

“Our breach prevention efforts revolve around three core functions… We have a tight data governance policy,” says Snyder. The three core functions include an enterprise content management platform, an identity management application, and a breach detection application:

  • Box for application development and information exchange
  • Microsoft Azure Active Directory for identity management
  • Imprivata FairWarning® for breach detection, monitoring, and alerting for unauthorized access

Imprivata FairWarning’s People Risk Score

CCI uses the Imprivata FairWarning Patient Privacy Intelligence Platform® to monitor all critical applications. The technology generates a “people risk score” that reflects user behavior across all applications.

“People like system administrators have much higher risk scores,” says Snyder.

Imprivata FairWarning® sends alerts when a user behaves unusually. “We’re not running 20 different reports. It’s consolidated into one smooth, clear picture.”

If a user steps outside of usual behavior, an alert is triggered and access can be shut down.

“With 4 million records we are a target,” says Snyder. “Between Box, Azure, and Imprivata FairWarning® we have a very, very tight data governance policy.”

Snyder is a delegated oversight program manager in the compliance department of the Care Coordination Institute. She has extensive experience in healthcare IT management and helps oversee the security of patient records and manages business and vendor relationships to ensure compliance with regulations.