Cloud Security Data Protection for Healthcare, Medical & Pharmaceuticals

The healthcare industry relies on the cloud to store vast amounts of sensitive information, which must be secured in compliance with a complex web of regulations and privacy laws.

Learn why some of the world’s largest Medical Device, Pharmaceutical and Healthcare Insurers rely on Blue Coat to secure their clouds.

 

Overview

Healthcare providers, medical device manufacturers and pharmaceutical companies know that the patient data traversing their systems is amongst the most sensitive and regulated data in the world. In addition to sector-specific regulations, such as HIPAA in the United States, many countries and regions have data privacy guidelines, such as PIPEDA and FOIPA in Canada and EU Data Privacy in Europe, that also regulate the flow of and access rights to medical data.

Healthcare and The Cloud

Cloud adoption makes an already complicated IT security scenario even more challenging. Public cloud SaaS applications, for all of the benefits they bring an organization, introduce new questions associated with data location, data access, data regulations and data security. Cloud professionals know that trying to trace where data elements are flowing throughout their lifecycle (transmission, processing and storage) is a daunting task.

So how can healthcare organizations take advantage of all the public cloud has to offer while never placing regulated and confidential information outside of their control?

Cloud Data Protection for Healthcare

Customer Case Study

Fortune 100 Healthcare IT and Medical Products Company Moves Patient Data to the Cloud with Blue Coat and Salesforce.com

Patient data stays local; replacement tokens are processed and stored in the cloud; enterprise end users and patients have full access to required information when using Salesforce.

 

Challenge

This global provider of medical products and services has a policy of trying to adopt cloud technologies wherever possible in an effort to boost the efficiency and effectiveness of its solution offerings. Of course, given the industry the organization operates in, data privacy and compliance professionals work closely with IT and Development to ensure that any cloud use complies with the regulatory guidelines they must follow in each country they operate in around the globe.

A large business area within the company was developing a new version of its solution that is used by healthcare clinics to organize and manage clinic and patient information (and images). The team wanted to leverage specific aspects of Salesforce.com’s cloud Gateway within their solution offering, but compliance and privacy partners identified a number of concerns that both they and the clinics using the solution would have from a data privacy compliance perspective.

The product team needed to architect a solution that showed that all regulated PHI would remain in the managed service datacenters that operated the product on behalf of the clinics using the service. Said another way, all regulated data needed to stay completely out of the cloud. And the cloud application’s functionality (Salesforce.com in this instance) could not be adversely impacted. Users of the system in the clinics needed to have full access to the information just as if it were all truly stored in Salesforce.com!

Solution

The company solved this challenge by working with Blue Coat to tokenize all PHI and documents/images to ensure they remain in-country within an audited and compliant datacenter. Only replacement tokens are sent to Salesforce.com’s datacenter.

On a document or field level, sensitive data that needs to be protected is replaced with a surrogate tokenized value before it leaves the enterprise’s control. Only the replacement token value is processed and stored in the Salesforce cloud, so enterprises can be assured that the information is meaningless if it is accessed by any unauthorized individual or party. It is important to note that the method of tokenization deployed within the Blue Coat Cloud Data Protection Gateway employs the strongest approach recommended by the PCI DSS Security Council, one where the replacement tokens have no mathematical link to the original clear-text values, documents or images. And best of all, the Blue Coat Gateway ensures that the critical Salesforce functionality that the company’s solution was depending on, such as the ability to search on patient names that had been tokenized, is retained.
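The field-level flow described above, as an added Python sketch that is not Blue Coat's code: a vault kept in the enterprise datacenter issues random tokens, and only tokens reach the cloud. The class, function and field names and the sample records are constructed, and reusing one token per repeated value is an assumed way of keeping exact-match search working, not the Gateway's documented mechanism.

```python
import secrets

PHI_FIELDS = {"patient_name", "dob"}  # assumed field names, not from the page

class TokenVault:
    """Mapping table held in the enterprise datacenter; never sent to the cloud."""
    def __init__(self):
        self._by_value = {}
        self._by_token = {}

    def tokenize(self, value):
        # Reuse the token for a repeated value so exact-match search still works.
        if value not in self._by_value:
            token = "tok_" + secrets.token_hex(16)  # random: no link to the value
            self._by_value[value] = token
            self._by_token[token] = value
        return self._by_value[value]

    def token_for(self, value):
        return self._by_value.get(value)  # None if the value was never stored

    def detokenize(self, token):
        return self._by_token.get(token, token)  # unknown strings pass through

def outbound(vault, record):
    # Request path: replace PHI fields before the record leaves the enterprise.
    return {k: vault.tokenize(v) if k in PHI_FIELDS else v for k, v in record.items()}

def inbound(vault, record):
    # Response path: restore clear text for the authorised user.
    return {k: vault.detokenize(v) if k in PHI_FIELDS else v for k, v in record.items()}

def search(vault, cloud_rows, name):
    # Rewrite the search term to its token, match cloud-side, restore the hits.
    token = vault.token_for(name)
    return [inbound(vault, r) for r in cloud_rows if token and r["patient_name"] == token]

# Constructed sample records.
RECORDS = [
    {"id": 1, "patient_name": "Jane Doe", "dob": "1980-02-14", "clinic": "North"},
    {"id": 2, "patient_name": "John Roe", "dob": "1975-09-30", "clinic": "North"},
    {"id": 3, "patient_name": "Jane Doe", "dob": "1991-06-01", "clinic": "South"},
]

if __name__ == "__main__":
    vault = TokenVault()
    cloud = [outbound(vault, r) for r in RECORDS]
    print(cloud[0])                           # what the cloud provider stores
    print(search(vault, cloud, "Jane Doe"))   # what the clinic user sees
```

Because equal values share a token in this sketch, the cloud side can see which records carry the same name even though it cannot recover the name; the vault itself becomes the asset to protect and audit.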

Resources

Cloud Data Protection Gateway Datasheet
Cloud Data Protection Gateway Encryption Solution Brief
Cloud Data Protection Gateway Tokenization Solution Brief