The 5R’s of healthcare data flow
There’s a well-known safety adage clinicians use with regard to medication management: the right patient, right drug, right dose, and right route, at the right time. This same principle could also apply to data management. You need to make sure the right personnel have the right access to the right healthcare data—to the exclusion of everyone else.
Most organizations have policies and procedures in place to assure privacy, security, and access—but human error, both intentional and unintentional, can still occur. Alarmingly, a recent analysis named healthcare as the only industry in which insider threats (58%) posed the greatest risk to sensitive data.8
Traditional networks operate on the idea that a user inside the network is “safe” and can be trusted. But such “flat” networks, as they’re known, have been the target of hackers, who can easily pose as insiders. Zero-trust assumes that no part of a network is safer than any other.
In this model, you create “whitelists” that allow you to identify specific characteristics of users and devices allowed to access applications and data. For example, in your organization, financial and business associates will likely need different types of access than clinicians.
If you think that developing and applying whitelist policies seems resource-intensive, you’re right. But a technology solution like Cisco Tetration can automate the work, giving you deep visibility into what’s happening on your network, and allowing you to make informed security and operational decisions using behavior analysis. Here’s how a Cisco executive explains it:
“Enforcing policies—also known as segmentation or microsegmentation—is just one of the steps to get to a Zero-Trust model. First, you need to know what policies you want to enforce. With [Cisco] Tetration, we observe thousands or tens of thousands of your applications and how they behave. We do this not only through the lens of their network communication, but also through the lens of what they do locally in their operating systems: process activity, memory usage patterns, file accesses, privilege escalations, container level granularity, all of which are invisible through the network lens alone.” - Roland Acra, Senior Vice President & General Manager Data Center Networking, Cisco