Chilton Memorial Hospital makes ClearNetwork's ContentCatcher:NSM a "Critical" Component in its HIPAA Compliance

Leaders in Healthcare Excellence and Network Security Team Up

Is there anything more deeply personal than an individual's medical records? In a world where people already shudder at the thought of financial risks like identify theft, imagine what it would be like to have your personal health history get in the hands of the wrong person? While protecting this sensitive data has always been the concern of healthcare providers, years ago it was far easier to lock the files in a file cabinet. Today, with the explosion of the Internet as our preferred means to exchange data, every computing network is fraught with vulnerabilities that could mean that file cabinet isn't actually locked.

This trepidation was shared by Chilton Memorial Hospital, a New Jersey based community hospital, with 256 beds, 575 physicians, and 1,000 allied health professionals. Serving an 11-town primary service area, whose combined population exceeds 150,000, Chilton made quality history in 1996 by becoming the first and only New Jersey hospital to receive a perfect score of 100 and accreditation with commendation from the Joint Commission on Accreditation of Healthcare Organizations.

It's this commitment to excellence that prompted Chilton Memorial's IT department to proactively seek the best possible network intrusion detection solution to protect its patient data. Chilton Memorial's network includes more than 600 personal computers, about 50 servers, 4 remote offices and Internet access that includes virtual private networks. Driving Chilton Memorial's initial call to ClearNetwork, the provider of the vSecure managed intrusion detection solution, was the evolution of HIPAA Leaders in Healthcare Excellence and Network Security Team Up (The Health Insurance Portability and Accountability Act of 1996.) According to HIPAA's privacy rules, an individual's health information must be properly protected while allowing for the flow of health information needed to provide and promote high quality health care, and to protect the public's health and well being. The HIPAA privacy rule seeks to strike a balance that permits important uses of information, while protecting the privacy of people who seek care and healing. As a covered entity, Chilton Memorial committed to take all necessary steps to ensure that patient data is protected as defined in the HIPAA regulations.

Karen S. Smith, Director of Information Systems, Chilton Memorial Hospital shared, "As the project coordinator for HIPAA within our organization, I was working on HIPAA privacy issues and the upcoming regulations. So, early on we started researching intrusion detection services because our experience indicates it's a full-time job for someone to monitor a network and respond to any alarms." In fact, Smith says, "We've always had a heightened awareness of the security issue - even before it was mandated - and we took a lot of steps to deal with intrusion detection, encryption and a lot of other security issues." She smiled, adding, "We've also spent a lot of time educating our users and user departments on these issues, so that they're aware that we're not doing it to make life difficult. Security and privacy are critical to our organization, which is what we get from ClearNetwork's managed intrusion detection solution."

Smith describes ClearNetwork's vSecure as a valuable layer of network security. With worms, viruses, and hackers threatening the Chilton Memorial network, it adds to the protection already in place. Deployed in June 2002, ClearNetwork vSecure was installed within one day. She adds that, in addition to the rapid implementation, Chilton Memorial likes it because ClearNetwork monitors and manages it. If a hacker tries to breach the Chilton Memorial network, ClearNetwork contacts Chilton to discuss the appropriate actions, such as updates to firewalls and patches. Morgan Geoghegan, Network Administrator, Chilton Memorial Hospital commented, "They are really watching that front door, and even inside the network. Since we implemented ClearNetwork's solution, we haven't had any big incidents. However, we have had some minor attempts, so it makes the staff feel a lot more comfortable that they're watching over our network."

When asked what life might be like at Chilton Memorial without ClearNetwork vSecure, Smith states, "To a healthcare facility like us - acute care and outpatient care and more - if our systems were to be brought down, infected, or affected in any way, it potentially puts the hospital in a terrible situation. It would affect patient care and physician's results. Certainly, no one wants a downtime scenario, since we have so many tightly integrated systems that people are depending on. Alone, it saved us from going down due to the inordinate amount of SPAM generated traffic."

Smith isn't exaggerating when she refers to Chilton Memorial's systems. Relying heavily on their specialized enterprise software system, the hospital's critical workflows: patient registration, order entry, and test results reporting are handled by the software's more than 14 different modules. On the back end, this same software is used for general ledger, accounts payable, billing and accounts receivable. And, Smith's department has interfaced this system to a number of other systems that require data from the system. "A security breach could be so pervasive it could go throughout our entire system," she said.

In addition to helping Smith and her team sleep better at night, ClearNetwork is delivering extra value. "We have a good relationship with their team. They're a great resource for us to go to with our security questions or issues - whether upcoming projects or integrating other vendors' systems into our network. They've been very helpful."