Healthcare Information Security

Cybersecurity News

PeaceHealth concentrates on file transfer security

By Patrick Ouellette

- Consolidating and updating internal applications on a regular basis is common for healthcare organizations these days and ensuring data is private and secure should remain a primary focus during these projects. PeaceHealth, a non-profit healthcare organization that operates nine hospitals in the western U.S., has been using Globalscape as its file sharing solution for the last few years.

Though using a technology such as Globalscape, which offers enterprise file transfer software for healthcare providers, has helped merge the different file transfer methods across PeaceHealth, there are security benefits as well. All of Peace Health’s projects have a vetting process that they go through where the exchange of specific patient data needs to be approved by either legal or the security team. And it requires that anyone it exchanges data with use some form of file transfer that’s going to either encrypt or protect that data as it’s delivered to the external location. Globalscape can offer security support such as FIPS 140-2 certified encryption.

Matt Quirk, Senior Interface Systems Analyst at PeaceHealth, explained that there was a list of specific security protocols that were identified and required by the organization before using a file sharing product.

The protocols we use most often are Secure File Transfer Protocol (SFTP) and we use File Transfer Protocol (FTP) over SSL, with or without PGP encryption. And we do HTTPS as well. We use FTP regularly for limited, internal-only transfers, as we don’t go outside of our intranet with the regular FTP.

  • OIG Identifies IT Security Issues Following OPM Data Breach
  • Looking at both sides of the BYOD remote wipe policy debate
  • Does Employee Access Hinder Patient Data Security?
  • Are Medical Practices Prepared for OCR HIPAA Audits?
  • OCR: Staff Training Key for Data Security, Avoiding Scams
  • Vendor Risk Management Key Focus in Recent HITRUST Program
  • Arizona urology clinic reports health data breach
  • Health Data Breaches From Theft, Improper Disposal
  • Is PHI Security Strong Enough in the Workplace?
  • Phishing Scam Creates Potential Patient Data Exposure in MA
  • AHA Calls for Strong Healthcare Cybersecurity Measures
  • How Can Covered Entities Best Prepare for Ransomware Threats?
  • 2014 IT audit survey: Healthcare lacking in risk assessment
  • Medical center not liable for breach; Humana reports breach
  • How disparate HISP transport protocols affect HIE security
  • DHS, Siemens Warn of Potential Medical Device Vulnerabilities
  • HHS amends CLIA regulations to allow direct patient access
  • Top Tips for OCR HIPAA Audit Preparation
  • Is Patient Privacy Violated with NY database?
  • How to Search for Qualified Healthcare IT Security Personnel
  • Half of Businesses Report Ransomware Attack in Past Year
  • NH-ISAC, MDISS Collaborate for Medical Device Cybersecurity
  • Winchester Hospital IS Director talks IT security evolution
  • Creating New Healthcare Cloud End-User, Environment Policies
  • House Subcommittee Talks Connected Device Cybersecurity Issues
  • Reminders for Securing Patient Data Through Meaningful Use
  • Mobile Health Privacy Top Concern for mHealth Adoption
  • HHS discloses Westerville Dental Center data breach
  • Will Facebook Interest in Consumer Health Affect Privacy?
  • DENT Neurologic Institute informs patients of data breach
  • ONC Privacy Policy Snapshot Challenge Wants Online Patient Tool
  • AAP questions adolescent privacy in EHR software
  • IT expert discusses healthcare security challenges, training
  • New DirectTrust.org chair delves into HIE security and access
  • Stage 2 Meaningful Use security needs for small providers
  • Excellus BCBS Data Breach Affects 7M Individuals
  • Mass. Hospital Hit With $200K OCR HIPAA Settlement
  • Securing Endpoint Devices from Healthcare Ransomware Threats
  • FDA Updates Medical Device Regulation, Risk Classification
  • OCR and NIST Conference Highlights HIPAA Data Breach Statistics
  • Reminders for HIPAA Compliance with Business Associates
  • Making health data breaches C-level priorities
  • Conn. State HIE Security Questioned in Auditor’s Report
  • Preparing for Increasing Healthcare Cybersecurity Risks
  • HIPAA Regulations Not Data Exchange Barrier, Says Halamka
  • Farzad Mostashari previews ONC HIE security guidance
  • Phishing Scam Leads to Potential Healthcare Data Breach in WY
  • Privacy & Security Tiger Team discuss HIE security advice
  • San Antonio laptop with child vaccination records stolen
  • Wyo. Security Breach Notification Bill Includes Health Data
  • White House Launches New Cybersecurity Agency
  • Cedars-Sinai experiences celebrity patient data breach
  • US-CERT Updates Cybersecurity Incident Notification Guidelines
  • Interpreting HIPAA vs. state privacy laws for deceased patients
  • Unauthorized HIE Access Leads to MA Data Security Incident
  • Man found guilty in $1.5 million Medicare identity fraud plan
  • Best practices for using cloud services in healthcare
  • Encryption Aspect Amended in CA Data Breach Notification Law
  • HIMSS14 session preview: Privacy and compliance practices
  • Why Healthcare Cybersecurity Measures Must Evolve
  • Beebe Healthcare suffers breach through contracted employee
  • FDA Releases Medical Device Cybersecurity Guidance
  • PA Court Rejects Healthcare Data Breach Class Action Lawsuit
  • Current HIPAA Requirements Sufficient, AHA Tells ONC
  • Texas HHS worker charged with internal data theft
  • Medtronic reveals patient data exposure in SEC filing
  • Survey: HIPAA fines, not data safety top reason for compliance
  • U.S. Digital Service team “playbook” includes data security
  • Reviewing future health security projects: DLP, PCI compliance
  • New IBM security consultancy to help apply NIST framework
  • Duke Health System notifies patients of data breach
  • Lax security of marijuana database prompts emergency petition
  • Maximizing ONC, HHS Security Risk Assessment Tool’s uses
  • Risk Adjustment Program Requires Healthcare Data Security
  • FDA issues encryption, authentication rules for medical devices
  • Unencrypted Flash Drive Lost, Privacy Incident for 2K
  • Data Security Vulnerabilities Found in CMS Wireless Networks
  • PHI Security Compromised as Hacker Posts 655K Records
  • Patient privacy, consent considerations for health big data
  • HIMSS Urges Holistic Approach in NIST Cybersecurity Framework
  • Ponemon: Healthcare Cyber Attack Averages One Per Month
  • LewisGale Regional Health System experiences data breach
  • Why Secure Healthcare Technology Must Assist Daily Workflow
  • Weighing HIPAA privacy standards vs. public safety
  • Stakeholders Highlight Secure Exchange in Comments to ONC
  • Doctors Can Be Sued for HIPAA Negligence, Says Conn. Court
  • HITRUST, Trend Micro Set to Improve Cyber Threat Management
  • NIST set to release final cybersecurity framework on Feb. 12
  • Final Orders Approved in FTC Patient Privacy Case
  • Pros and cons of cyber insurance for health data breaches
  • Thieves steal laptop with PHI from California internist
  • ONC: HIPAA Regulations Help, Not Hinder Interoperability
  • Email Top Health Data Security Risk, Survey Finds
  • How Automation, Orchestration Impact Healthcare IT Security
  • How to install ONC award-winning digital privacy notices
  • GAO challenges CMS on cost of removing Medicare SSNs
  • How Healthcare IT Teams Bring Value and Security to Providers
  • DirectTrust Growth Reflects Priority on HIE Security
  • New WannaCry Malware Strain Affects FirstHealth Computer Network
  • SANS survey analyzes health endpoint vulnerabilities
  • Karl Skoog, Development Manager at PeaceHealth who takes care of interface work, Web development, data extracts and secure file transfer within the organization, explained that Globalscape had all the security protocols that PeaceHealth needed. We had identified protocols that we had requests for previously and made sure that those were met by Globalscape. But making the balance between security and usability was important as well.

    We have a configuration in place where we have a server in the DMZ that communicates and interfaces with the Globalscape server internally. So there’s an extra layer of security that we have in place just with the hardware server configuration.

    Any new project that gets approved that has a file-sharing component of transferring data into or out of the PeaceHealth Network utilizes Globalscape, said Skoog. It also uses it in its reference lab because there are some lab clients that may have a smaller EMR system that don’t have HL7 interfaces and are file-based, they expect PeaceHealth to securely drop a file of lab results. “We use Globalscape to securely drop those lab results to the external clients,” Skoog said.

    James Bindseil, president of Globalscape, said that healthcare providers are generally looking for solutions to business problems, such as ensuring that they can move patient information between providers in an efficient and easy-to-use manner while maintaining compliance. “Providers are more worried about the treatments that they’re providing and saving and enriching lives than they are about any encryption mechanism,” he said. “They have the weight of federal regulations on them as well. Organizations need to be able to send and receive data without it residing in their demilitarized zone (DMZ).”

    X

    SIGN UP and gain free access to articles, white papers, webcasts and exclusive interviews on

    HIPAA Compliance
    BYOD
    Cybersecurity
    Data Breaches
    Ransomware

    Our privacy policy

    no, thanks