Public and private healthcare providers need to share large amount of information while guaranteeing that patient data is kept private and secure. They need to ensure that technical solutions that are put in place meet all regulatory compliance requirements while providing ease-of-use for end users. Strict regulatory mandates mean that they need to protect the privacy of patient information being stored at rest on portable devices such as USB flash drives.

Requirements

Typical requirements of healthcare providers looking for a secure portable data sharing solution include:

  • Robust hardware that can be carried by employees
  • Secure storage of patient medical information
  • Access controlled so data is only available in authorised places
  • Centrally managed so that data access can be controlled based on location
  • Cost effective

Solution

ExactTrak’s Security Guardian allows healthcare workers to load a USB flash drive with all of the appropriate patient records and relevant information for each day. This data is turned off by default and can only be accessed when it is in authorised locations, which have been predefined centrally by the security administrator. This means that if the Security Guardian unit leaves the health centre or hospital, it cannot be accessed if it gets into the wrong hands. If the USB flash drive is lost, it can be erased over-the-air without being inserted into a computer connected to the Internet. This ensures that the provider avoids data loss penalties.

A verifiable audit trail can be maintained by the management console so that providers can prove that they have a robust mobile data security policy and can confirm at all times that sensitive data has been secured or destroyed in the event of the hardware being lost or stolen. Advanced geofencing (location based activation) and remote erasing are achieved as a result of Security Guardian including integrated GPS, GSM, RFID and a rechargeable battery.

The use of Security Guardian reduces the need for healthcare providers to supply mobile devices or to roll out expensive bring-your-own-device system which both require expensive infrastructures to ensure privacy and security of patient records.