Case Studies: Healthcare

Client: Bert Fish Medical Center

Solution Type: Secure Remote Administration; Compliance (HIPAA)


Situation

Our client, Bert Fish Medical Center, a busy community hospital in New Smyrna Beach, Florida, was searching for a way to provide diverse user groups working from outside the hospital with secure remote administration for critical systems and devices, and to satisfy enforcement and reporting requirements for HIPAA compliance. Physicians and internal employees typically needed secure remote access to proprietary medical applications as well as general business applications like MS Office. Third-party vendors needed secure access to the critical infrastructure in order to provide remote administration and support for their internal applications and equipment. IT administrators needed a more efficient way to provide secure remote administration of critical infrastructure to meet service level commitments. Bert Fish Medical Center management needed comprehensive reporting to prove HIPAA compliance for internal and external auditors.

Challenges

The hospital was using a remote access solution that made meeting stringent security requirements and service levels complex and costly to administer, and compliance with HIPAA regulations very difficult. Using an IPSec Client caused the following challenges:

  • Access via the IPSec Client was not granular enough; once users were granted access to their authorized piece of critical infrastructure, it was a significant challenge to keep them from gaining access to unauthorized systems and equipment.

  • Providing remote access was less efficient than it could be, because the IPSec Clients needed to be installed and configured individually on any remote system that required access. If the client was not present on the remote system, the install package had to be transmitted to the user.

  • The use of IPSec clients gave the end user direct access to the medical center's network, and also made it difficult to protect the medical center's IT infrastructure from virus/malware attacks, since the remote end system was considered a trusted entity in their network as an end point.

  • This IPSec solution was hosted by a third party, at a cost to Bert Fish Medical Center of $20 per month per user.

Xceedium was brought in to provide secure remote administration that compartmentalizes and contains high-risk users within authorized areas only, to enable efficient administration of critical infrastructure without the need for installation of additional software at every remote location, and to provide data security and comprehensive reporting for HIPAA compliance.

The Xceedium Solution

The Xceedium GateKeeper™ solution immediately met the needs of the medical center by resolving the four major issues above. An Xceedium GateKeeper was installed in their environment to facilitate secure and efficient remote access. The medical center tied GateKeeper authentication to a pre-existing RADIUS server (which checked against their domain controller), eliminating the need to maintain separate passwords for remote access.

Because the Xceedium GateKeeper is a clientless solution requiring only a Java-enabled browser for access, the need for client installation and configuration was eliminated. Xceedium GateKeeper employs a DAPE (Deny All, Permit by Exception) access methodology, so the end user only has access to systems and devices that an administrator explicitly authorizes. Access may be limited to a specific service on a particular device, providing the granular level of enforcement required. Additionally, the end user never becomes a part of the internal network, as the services are brought to the client desktop through Xceedium's reverse-encrypted port tunneling methodology, all but eliminating the chance of a virus/malware attack and making it easier to remain HIPAA compliant.

Business Benefits

As a direct result of implementing the Xceedium GateKeeper solution, Bert Fish Medical Center realized the following benefits:

  • Easy policy enforcement at a granular level and containment of users within authorized areas, so they only see those systems and devices that they are authorized to work on.

  • Central management of access for the administrator at the hospital, who is now able to set up each new user in only a few moments and maintain that access easily.

  • Comprehensive infrastructure protection, so that sensitive data is less vulnerable to attack from malicious software.

  • The system is easy to implement and maintain, leading to cost savings by eliminating the hosting charge associated with the hospital's previous remote access solution.

  • The efficiency of the Xceedium GateKeeper allowed the hospital to provide enhanced business services to a broader community of users.

  • Automated compliance reporting is available, making it easier to achieve compliance with important HIPAA Security Rules.

Efficient, secure remote access and comprehensive reporting for HIPAA compliance are now essential parts of the business model at Bert Fish Medical Center, thanks to elimination of the recurring costs, administrative effort and data vulnerability that existed prior to implementing their Xceedium GateKeeper solution. The hospital now has more than 250 remote users registered and regularly accessing the critical IT infrastructure via the Xceedium GateKeeper.

© 2008 Xceedium, Inc.