FishNet CARE Platform Helps With HIPAA, HITECH Compliance

The CARE solution, designed and developed by FishNet, is aimed at closing many of the gaps in HIPAA and HITECH security and privacy requirements.

FishNet Security announced the release of an enterprise software platform, Clinical Application & Resource Extension (CARE), that is designed to help health care providers provision users to clinical applications through integration with leading identity management platforms.

The CARE solution, designed and developed by FishNet, is aimed at closing many of the gaps in the Health Insurance Portability and Accountability Act (HIPAA) and Health Information Technology for Economic and Clinical Health (HITECH) security and privacy requirements, which were highlighted in the 2012 pilot audit results reported by the U.S. Department of Health and Human Services' Office of Civil Rights.

End users have the ability to change or reset their passwords, which are then automatically updated across all CARE-integrated applications. CARE also provides synchronization with human resources (HR) and payroll system databases and Active Directory environments.

"FishNet Security's CARE software provides scalable, cost-effective integration with traditional identity management platforms to solve for many of the traditional business and information security challenges associated with identity and access management," Andrew Ames, vice president of business development at FishNet, said in a statement. "Organizations can gain efficiencies as a result of the need to manage fewer user IDs and passwords for clinical applications, automating the provisioning of users' accounts and access entitlements to key healthcare applications, and enabling clinicians to reset their own passwords instead of waiting for Help Desk assistance."

The platform also enhances auditing, compliance and IT controls through centralized identity management of clinical and business applications, and addresses top HIPAA compliance issues such as user activity monitoring, authentication and integrity, granting or modifying of user accounts, and verification of the identity of those requesting protected health information.

CARE includes the ability to provide email notification workflow for access requests that can go to application custodians and staff managers or any other designated group, and connects on-premises, off-premises, mobile and cloud-based resources.

"Solutions like CARE, in tandem with those from our integration partners, can not only address a number of business objectives, but they can substantially reduce the risk profile for organizations under fire from a variety of internal and external threats," Ames said. "It is our mission to not only help healthcare providers achieve this dual benefit, but also help ensure that patient health information is secure and protected."

The Ponemon Institute recently reported that 94 percent of health care organizations surveyed suffered at least one data breach during the past two years. Even more concerning, 45 percent of organizations experienced more than five data breaches each during this same period.

Based on the experience of the 80 health care organizations participating in this research, Ponemon estimates that data breaches could be costing the U.S. health care industry an average of $7 billion annually.