The University of Texas (UT) Health Science Center at Houston completed a network upgrade to protect and encrypt personally identifiable patient and employee financial information, electronic protected health information (EPHI) and intellectual property.
In order to ensure compliance with the Title II requirements of the Health Insurance Portability and Accountability Act of 1996 (HIPAA), UT Health Science Center selected Vormetric's CoreGuard Information Protection System to secure sensitive and confidential personal information used in its treatment and research.
HIPAA specifically addresses the security and privacy of health data, requiring health care providers and services to maintain reasonable and appropriate administrative, physical and technical safeguards to ensure the security or integrity of electronic health information.
According to Gartner research analyst Thomas Handler, "Security and confidentiality must be guaranteed, while balancing the need for legitimate access to records. In light of HIPAA regulations and rising consumer concern over privacy and confidentiality, a computer-based patient record system must have very robust security measures and technology."
"We have always taken the protection of our sensitive information seriously, but we wanted to completely ensure the integrity of our data by implementing another layer of security on our locally-attached storage," said Kevin Granhold, director of server and desktop services.
Granhold said that the policy-based Vormetric CoreGuard Information Protection System helped to secure the organisation's electronic assets without affecting the rest of its network environment or the performance of its IT infrastructure: "It also lets us easily extend information protection throughout our environment as new requirements arise."
Using the system's context-aware access control, UT is able to define the allowed user/application access combinations, the types of permissible access, and the locations from where data can be accessed, as well as whether the data is in encrypted or cleartext form.
Vormetric's MetaClear encryption feature is used to encrypt file content without encrypting the file system metadata, so allowing UT's administrators to manage data without first having to decrypt it, which would expose data in the clear at the backup server.