Healthcare Information Security

Managing, provisioning internal healthcare applications

Properly managing a variety of applications across a large healthcare organization while staying HIPAA compliant can be done in a number of different ways, but each IT decision sends ripples through the organization. With the end goal of keeping costs down as much as possible while maintaining a productive, secure environment, many organizations have a mix of technologies in place.

These hybrid environments include both on- and off-premises applications. Bharani Krish, Director of IT Enterprise Infrastructure Services at Molina Healthcare, and his team manage all applications via Platform as a Service (PaaS) and support the daily operation of any software that runs on the server. According to Krish, the Molina Infrastructure as a Service (IaaS) team handles the server operating system (OS) and network, and when they work with him and his team, they will provision any Software as a Service (SaaS) model.

Krish said he and his team made a pledge to assure Molina that by next year it will turn all internal applications into various forms of an “as a service” model so that most of its provisioning will be “as a service.” But this provisioning work, which includes monitoring and tracking access rights and privileges, must be done in a secure, HIPAA-compliant fashion, and Krish said automation is a big key. “Based on our type of provisioning, it’s kind of automated because we have a standard security template that comes along with operations,” he said. “In the healthcare industry, security is important and we take it very seriously.”

Krish said that, because of new healthcare reform and developments, the challenge when he first started was that every time his team received a request, it took time to provision the database.

“I looked at our environment and found that our production was 400 terabytes and non-production was closer to 2 petabytes. Depending on the size, it may be a terabyte or 10 of them, so it takes time to take the backup and move across to development with the security template masking everything. It may take a few hours to a day and the development cycle was slowing down.”

To help Molina with provisioning and managing massive amounts of data, Krish said the organization chose the Delphix Compliance Engine to efficiently deliver that masked data (based on individual policy) while rolling out new applications and remaining compliant with federal regulations. Krish said Molina was able to transfer the transactional log, which was very small, and then provision it within less than ten minutes, irrespective of size.

“We had a separate solution for mapping the data, that’s in a compliance requirement – they don’t want to expose the correction data to the development team or even the functional team. So we had a separate module. We had a separate software that tied up to the Delphix virtual database and once that database is published we could use that module to map the data based on our internal policy, which modeled very well, but again, that’s a delay in provisioning that solution.”

