Oracle Security Governor is a unique, comprehensive security governance solution that provides healthcare organizations with both retrospective and proactive detection and prevention of security and privacy breaches. Oracle Security Governor’s risk monitoring capabilities, through the use of analytics and reporting, provide complete visibility into data and application access and suspicious insider activity, which help to meet regulatory compliance needs.
Patient confidentiality is the biggest growing concern today for healthcare organizations. The availability of electronic health records and the ability to access these records using various devices without any geographic limitation have significant security implications. Further, compliance with government regulations can be time-consuming and cost-intensive. In order to address these concerns, healthcare providers must implement solutions that provide secure access to clinical applications and protect the underlying IT infrastructure from misuse by insiders and identity thieves. Such a solution must be scalable and reusable in a healthcare IT environment that is typically complex and heterogeneous.
Oracle Security Governor helps deliver significant benefits to a healthcare organization. Some of these benefits include:
APTEC Implementation Experience
APTEC is the only Oracle Security implementation partner experienced with planning, designing and implementing Oracle Security Governor in healthcare institutions.
Since Oracle Security Governor was released in 2010, APTEC has been working with healthcare institutions to provide them with the ability to monitor, notify, audit, and report out-of-compliance user access to critical and sensitive patient data housed in a multitude of clinical systems and databases. We work with our clients to determine what use cases and systems should be included in the initial phase of the project, and how those use cases will map to policies and rules that can either proactively or silently monitor user behavior.
Typically, we phase the Oracle Security Governor solution into the organization by initially enabling only reporting capabilities to “silently” monitor user behavior for a set of internal clinical and IT systems in real time, and create end user warnings and multi-tier management notifications in conjunction with each policy and rule. Frequently, the use cases we develop cover common compliance scenarios that directly relate back to HIPAA and HITECH requirements, such as unauthorized access to “VIP” records, patient records being accessed by a neighbor or relative, patient records being accessed by a physician who has no history with the patient, and records that are accessed at an abnormally high frequency.
We can configure Oracle Security Governor to place accurate tolerance thresholds on activity that reflect suspicious user behaviors, and target specific records and data types that are relevant to the clinical institution. As our clients become more familiar with the technology’s ability to monitor and record activity, we are able to collaboratively enhance the solution and expand its footprint and capabilities to more proactively deter inappropriate user access.
To learn more about our first-hand experience deploying Oracle Security Governor, and to give us an opportunity to recommend an Oracle Security Governor implementation scope that makes sense for your organization, please feel free to contact us for more information.