Courion Access Insight Detects Data Security Risks at HCR ManorCare
HCR ManorCare, a network of short- and long-term medical and rehabilitation care centers in 32 states, relies on Courion's Access Insight application to identify risks in access to data on patients and residents.
Encompassing 500 health care facilities, HCR ManorCare serves patients recovering from procedures such as knee surgery as well as elderly residents suffering from Alzheimer's disease. The facility also offers assisted living, hospice and home care.
The organization uses Access Insight to identify and settle risks associated with possible improper access to patient data.
Through Access Insight, the health facility can manage access among HCR ManorCare's employees, including nursing staff, direct care workers, nurse aides and back-office personnel, Jason Baxter, HCR ManorCare's director of systems development, told eWEEK.
HCR ManorCare must make sure "a nurse at one facility can't see data at another facility," said Baxter.
The predictive analytics in Access Insight builds on the provisioning and certification systems of HCR ManorCare to allow the facilities to identify and access data on a continuous basis, said Baxter. "We can slice, dice and dissect any risk related to any role, person or resource at any time," he said.
Access Insight generates graphical profiles, or heat maps to allow IT managers at the rehabilitation center to drill down to data points that show risks to violating compliance guidelines.
The software allows IT managers to view Active Directory groups, provisioning and password resets by region, department and division.
"Any large organization faces an inherent risk of improper access to sensitive data," Chris Sullivan, Courion's vice president of product planning, said in a statement. "HCR ManorCare is applying advanced technology so that they can aggressively identify, understand and settle business risks continuously while simultaneously improving operational efficiency."
The software allows HCR ManorCare to identify patterns in access and determine if violations of compliance guidelines have occurred. For health care data, the software can inform the company of access patterns that could violate the Health Insurance Portability and Accountability Act (HIPAA), said Baxter.
"Us having a handle on those patient privacy concerns is something that's paramount in our industry," said Baxter.
"Courion is the center of our whole identity and access management strategy and implementation," said Baxter. "We're leveraging Access Insight to take a holistic look at where the gaps are from our provisioning process."
Access Insight allows HCR ManorCare to combine transactional, provisional and profile data as well as identify gaps and anomalies. Heat maps in the application highlight access outliers, or statistics that vary from the access patterns based on risk, said Baxter.
The result of combining this data is an "identity-management warehouse," said Baxter.
"We're taking that information and being able to categorize our file shares or information based on risk," he said.
HCR ManorCare can then assign risk scores to data and report on problems in access permissions.
"What this enables us to do is really understand who has access to our critical resources and compare that to who should have access to our critical resources and be able to address gaps," said Baxter. "If you have private personnel data or financial data, understanding who has access to that really allows us to focus our resources on remediation and access control."
Variations in access might involve "read-only" versus "edit" mode in a document, and Access Insight provides the information the health facility needs to close possible gaps in access.