Take the Next Step

Request More Information

Browse the Resource Center

Attend a Live Webinar

Healthcare Providers

The ARRA-HITECH Act of 2009 and new state privacy laws are reinforcing HIPAA and the need for ePHI privacy. These regulations also call for Electronic Health Records (EHR) to reduce the administrative cost of delivering healthcare. Along with increased efficiency, electronic records introduce greater risk to patient data privacy. As healthcare providers launch online portals to accept payments they are also being targeted for identity theft. Providers also face more frequent audits and the real risk of civil lawsuits and loss of patient trust. Effectively addressing these problems requires comprehensive monitoring of all user, application, and system activity on provider networks.

ArcSight is used by leading healthcare providers to:

• Cost-effectively demonstrate compliance with HIPAA, state data breach laws, PCI and other regulations
• Protect patient privacy including medical records, credit card information, and other PII
• Reduce the risk of data breaches including negative publicity and loss of patient trust

The ArcSight protection suite for healthcare is designed to address the monitoring challenges unique to healthcare provider environments.

• Vast Ecosystem – medical records need to be viewed by various users in different roles across departments (nurses, doctors, lab technicians, research affiliates, billing departments etc). ArcSight’s user role model and identity management integrations enable it to detect privacy violations across hospital users, applications and infrastructure.
• Numerous Applications – Specialized departmental (oncology, radiology, billing etc) applications from distinct vendors are common in hospitals, making it harder to track a given user (nurse, doctor, billing manger). Arcsight can track all application identities back to a unique user to detect problems like nurse snooping, VIP records access etc.
• Online Wellness / Payment Portals – Providers are launching online wellness and payment portals which are targets of external attacks by identity thieves. ArcSight monitors web infrastructure and underlying data repositories for known vulnerabilities, common attack vectors, and unauthorized access.
• Physical Security – The open nature of hospitals enables allows employees access to expensive medical equipment, pharmacy storage, research labs etc. ArcSight can uniquely correlate physical access (badge readers) with logical access to protect critical hospital infrastructure.
• Cross-regulatory Compliance – ArcSight offers pre-packaged content to streamline and automate HIPAA and PCI audits. ArcSight also offers best practices monitoring content based on ISO 27002 to support other regulations such as state privacy laws that impact healthcare providers.