Ensuring Secure & Compliant Data Transfers in Healthcare
How Children's National Medical Centre Strengthened Security & Automation with South River Technologies
Children's National Hospital
Industry
Healthcare
Use Case
Secure File Transfer
Products
Titan MFT Server
Background
Children’s National Medical Center needed a secure, compliant, and automated solution to replace their legacy FTP server. South River Technologies’ Managed File Transfer (MFT) platform provided seamless security enhancements, HIPAA and FIPS compliance, and automation features that streamlined file transfers and reduced manual workload. As a healthcare provider, privacy and security are always a high priority. In addition, the legacy FTP server that Children’s National had been running needed more management functions and increased flexibility. A more powerful, flexible and secure solution was identified as the strategic direction for the hospital. The solution needed to provide scheduled transfers, advanced logging, and compliance with FIPS and the Health Insurance Portability and Accountability Act (HIPAA), which outlines minimum standards healthcare
organizations must meet to ensure the confidentiality, privacy, and security of health care information in the Internet environment. Health organizations which store or transfer patient data over the Internet are required by law to be HIPAA compliant.
Introduction
“We were looking for a solution with the right set of features, and not more than we needed,” says Frederick Curry, Director of Information Security for Children’s. “Ease of implementation was also a primary requirement in our search.” Children’s National required visibility into processes, to assure
secure connections and successful completions of data transfers. They also needed automation features to create a more efficient and thorough system of file transfer and minimize the risk of human error. With increasingly prominent public focus on security issues, and regulatory compliance always a key requirement, Children’s considered ten potential solutions, and quickly narrowed that down to 3 possibilities. After a successful trial of the software, they chose the SRT Managed File Transfer platform, along with SRT’s DMZ server to reduce the risk of network breach. With a Titan DMZ Server sitting outside their firewall, all incoming trac was stopped before it reached even the same machines where sensitive data was stored.
Several security-focused features were implemented, including FIPS 140-2 compliance configurations and the Real-time PGP module to encrypt data at rest to ensure data security and compliance.
"We began experiencing immediate improvements to our processes. The design of the managed file transfer solution provided us with greater security, which assists us in meeting our regulatory requirements."
Fred Curry
Director of Information Security
Key Take Aways
Enhanced Security & Compliance
HIPAA and FIPS 140-2 compliant data transfers with real-time encryption.
Automated File Transfers & Notifications
Automation and event notifications reduced manual file transfer tasks.
Easy & Rapid Implementation
Seamless migration from legacy FTP to MFT with minimal disruption.
Solution
A major consideration in choosing SRT’s Managed File Transfer platform was its simple implementation process. With limited resources to devote to a lengthy installation and customization project, Children’s National needed a functional solution in a very short period of time. The implementation process was a positive experience. The installation and setup went forth quickly and without major implementation issues. They achieved their goal of a “quick and painless” migration from the legacy FTP system to their new MFT solution. “We were pretty skeptical,” Curry says. “In this case, the problems just weren’t there. Everything worked just like it was supposed to.” The solution serves both internal and external users in a very interactive environment. Server-to-server transfers and automated processes were also a significant part of the implementation. After a smooth implementation of the software, Children’s National made extensive use of event automation and notification capabilities. When a data feed is received or sent, the MFT server generates a notification for the administrator. The feed status is available up to the minute, facilitating the transparent environment Children’s National needed. “The file transfer automation and notification capabilities helped free up some previously manual activities,” says
Curry.
Results
“We began experiencing immediate improvements to our processes,” says Curry. “The design of the managed file transfer solution provided us with greater security, which assists us in meeting our regulatory requirements.” The availability of extensive security features enabled Children’s National Medical Center to achieve their goal of implementing a secure, automated solution with just the right set of features to meet their needs.