Faves and raves: Top security and privacy tools for health care IT

Regulatory mandates are driving health care companies to invest in IT security

Healthcare IT spending is projected to hit $34.5 billion in North America this year, according to TBR, as organizations wrestle with healthcare reform, adoption of electronic records, and the proliferation of digital and wireless medical devices.

When we asked IT pros to name their favorite products, a number of respondents weighed in from the healthcare industry, where IT plays a vital role in helping companies enforce operational policies and abide by regulatory mandates.

Dickson Leung, for instance, singled out Co3 Systems’ Privacy Module -- software that tracks privacy-related regulations and breach notification requirements so companies can prepare for and manage any potential privacy incidents.


“Co3 is robust, cost-effective, and provides me an out-of-band repository and action system for security incident response,” says Leung, who is chief privacy officer and general counsel at HealthEquity, a trustee of health savings accounts. “This is crucial, in particular for an incident response system, because it means that I don't have to worry about the sanctity of my internal system which, after all, may also be breached.”

The system saves time and is reliable, Leung says. “I have confidence in the system — that it guides me as to what information to gather, putting that information into the system, which will then tell me what I need to do, e.g., when I need to send something out, and to whom I need to send it,” he says. “This process saves at least half of a business day, which is a long time in incident response.”

Paul Doucette raved about McAfee’s ePolicy Orchestrator (ePO), which helps Berkshire Health Systems to centralize and streamline management of its security and compliance systems.

The software makes it easy to delegate roles for endpoint policies, encryption admins, and data-loss people, says Doucette, a senior technical security engineer at the Pittsfield, Mass.-based healthcare services provider, which runs multiple facilities including Berkshire Medical Center and Fairview Hospital.

The software’s scalability is important to Berkshire Health Systems, which has 6,000 endpoints and continues to grow, Doucette says. “ePO covers many products with one client agent for delivery and management of policies,” he says.

Dashboards that correlate event, threat, and risk data impressed Edward Pardo, senior IT security engineer at Roswell Park Cancer Institute. “I’m a visual person, and the ability to represent IT data as a dynamic dashboard is a vast improvement over previous methods,” says Pardo, who also wrote in about a McAfee product: the McAfee security information and event management (SIEM) platform.

“With McAfee SIEM, I can consolidate and centralize visibility into our many system management tools. Each area of IT can use the solutions that meet their requirements, while IT Security can minimize the number of solutions we need to be proficient with in order to protect our organization.”

“The time saved in processing raw IT data into actionable events allows us to focus on other important business objectives,” Pardo says. “The appliance platform requires less support for our operations team, which they appreciate. Minimizing the time it takes to prepare reports for audits and compliance benefits the team.”

WAN visibility, storage scalability

Lancope’s StealthWatch won over Michelle Stewart, senior director, IT security & governance, at the American Cancer Society. She cited a number of reasons: its low impact on network bandwidth; easy integration with existing network infrastructure; security analytics; visualization and mapping capabilities; and the ability to correlate identity with network behavior.

“We were able to quickly deploy the StealthWatch solution and get essential and efficient visibility into WAN behavior, as well as baked-in security intelligence. We were able to use it to demonstrate visibility and contextual monitoring of PCI data flows. StealthWatch is now an integral component of our security, compliance and NOC toolkits,” Stewart says.

Nicholas Mooney raved about Interactive Intelligence’s Customer Interaction Center (CIC), a suite of integrated contact center applications. Mooney, a senior network engineer at Medibank Health Solutions, praised the system for its quick setup, customizability, and simplified management and support. Being able to provision multi-channel interaction options, including web chat, e-mail, and two-way SMS, has opened up new business opportunities and revenue streams, he says.

At Riverview Hospital, storage was a bottleneck until the IT team invested in Pure Storage FlashArray. The SSD SAN performs inline compression, deduplication, and encryption of all virtual machine data before writing it to solid state drives, says Jason Pearce, enterprise architect at the Noblesville, Ind., hospital.

“Our hybrid/tiered SSD+HDD SAN was unable to meet the performance requirements of our growing virtual desktop infrastructure. We also had several Microsoft SQL servers running clinical databases that were sensitive to storage latencies,” Pearce says. “By moving both VDI and SQL workloads to the Pure Storage SSD SAN, we easily addressed the performance requirements of both solutions at a price point equal to our existing hybrid/tiered SAN – thanks to the 5.9 to 1 data reduction. We are now moving most of our virtual server and desktop workloads to the Pure Storage SAN, including our most critical and demanding clinical systems.”

The SSD shared storage solution costs the same as a hybrid/tiered SSD+HDD solution, and it’s easier and more enjoyable to administer, Pearce says. “I now love my storage.”

Turning wire data into IT insight

Two IT pros from McKesson teamed up to share their experience with ExtraHop’s wire data analytics platform: Scott Checkoway, director, application hosting, and Doug McMartin, director, managed services development, at the healthcare services company.

“When McKesson first brought in ExtraHop, we were skeptical. A lot of other tools had promised comprehensive visibility into our hosting environment, and yet we always seemed to find ourselves in the dark. The epiphany came when ExtraHop helped to solve long-running performance issues with our applications delivered over Citrix XenApp,” Checkoway and McMartin recalled.

Citrix consultants had failed to identify and remediate the problem after a four-month engagement. With the ExtraHop appliance up and running, McKesson uncovered the root cause of the problem in less than 10 minutes: failed DNS record lookups that were adding significant latency to Citrix launch and load times. “By removing bad records, we saw our average application launch times drop from 40 seconds to 12 seconds — nearly 75% faster.”

Checkoway and McMartin appreciated ExtraHop’s ease of deployment: “After sending traffic to the ExtraHop appliance, we had visibility into our environment immediately, and the product has benefitted numerous teams throughout the organization, including Citrix engineers, DBAs, Active Directory architects, network engineers, virtualization architects, application support teams, and IT management. This visibility has not only helped us troubleshoot and prevent problems, but has strengthened trust between McKesson Managed Services and our clients and even helped us to win new business.”

Troubleshooting is 90% faster now that McKesson is using ExtraHop, and the system has made the company far less reliant on specialist skills, Checkoway and McMartin say.

“We estimate that we’ve saved about $400,000 annually in terms of time spent troubleshooting, and an additional $260,000 in headcount avoidance because we are able to support our growing business by hiring less engineers than under our previous model.”

ExtraHop has also helped reduce SLA penalty payouts. “Before we brought in ExtraHop, problems with the hosting environment meant that we ran afoul of our SLAs with certain customers, resulting in hefty penalties. With ExtraHop, we have the visibility we need to ensure performance under our SLAs, and determine when the problem is stemming from our customer’s environment rather than our own. In turn, we’ve gotten SLA penalty payouts to near zero.”

What’s next?

Looking ahead, healthcare IT pros talked about what’s next. For Leung, it’s deploying a business continuity and disaster recovery system to improve uptime at HealthEquity. Contact center upgrades, including rolling out SMS, are on tap for Medibank Health Solutions.

At Riverview Hospital, IT is beginning to upgrade its VMware vSphere ESXi hosts to support a new 10 gig network. “I’m also enjoying learning more about the Cisco UCS architecture and how that solution may add value to our environment,” Pearce says.


This story, "Faves and raves: Top security and privacy tools for health care IT" was originally published by Network World.


Copyright © 2014 IDG Communications, Inc.