Data Security and Compliance in Healthcare

Published on 31-Jan-2011

Validated on 12 Jul 2012

Customer:
Leading Healthcare Payer Organization

Industry:
Healthcare

Deployment country:
United States

Solution:
Integrated Data Management, Information Governance, Security: Governance, Risk and Compliance

Overview

Case Study: Implementing database activity monitoring and auditing in a leading healthcare payer organization.

Business need:
Finding a cost-effective means of implementing controls to protect sensitive data and validating compliance with multiple mandates.

Solution:
After inquiring with Gartner and Forrester Research, this organization evaluated multiple vendors and chose the IBM InfoSphere Guardium solution. IBM’s appliance-based technology allows companies to secure their enterprise data and rapidly address auditors’ requirements without affecting performance or requiring changes to databases or applications.

Benefits:
InfoSphere Guardium centralizes and automates controls across distributed heterogeneous database environments, while streamlining the compliance process with centralized workflow automation.

Case Study

Overview

A leading healthcare payer organization with more than 500,000 members needed to implement database auditing in order to comply with SOX and HIPAA regulatory requirements. The organization wanted to:

  • Monitor access to all critical databases, including access by privileged insiders.
  • Create a centralized audit trail for all their database systems.
  • Produce detailed compliance reports (SOX and HIPAA) for their auditors.
  • Implement proactive security via real-time alerts for critical events.
  • Acquire a solution that integrated easily with their existing environment (LDAP, SIM/SEM, Cisco switches, MOM, etc.) and could be managed remotely.
  • Select a solution that does not rely on database-resident functions (such as triggers, trace or transaction logs, etc.) which can affect database performance and stability.

After inquiring with Gartner and Forrester Research, this organization evaluated multiple vendors and chose the IBM InfoSphere Guardium solution. IBM’s appliance-based technology allows companies to secure their enterprise data and rapidly address auditors’ requirements without affecting performance or requiring changes to databases or applications.

Environment
The healthcare payer infrastructure includes nearly 50 database instances in Production, Staging, Test, and Development environments that need to be monitored for unauthorized or suspicious access. These databases support a range of financial, customer, and patient applications. The InfoSphere Guardium solution is complementary to existing security investments such as perimeter firewalls, SSL VPNs, identity management, SIM/SEM, IDS, and configuration policy management.

NOTE: Please view the PDF version of this case study for a summary of how IBM addresses the stringent requirements typically defined by large healthcare payer organizations.

About IBM InfoSphere Guardium
InfoSphere Guardium is the most widely-used solution for preventing information leaks from the data center and ensuring the integrity of enterprise data. It is installed in more than 400 customers worldwide, including 5 of the top 5 global banks; 4 of the top 6 insurers; top government agencies; 2 of the top 3 retailers; 20 of the world’s top telcos; 2 of the world’s favorite beverage brands; the most recognized name in PCs; a top 3 auto maker; a top 3 aerospace company; and a leading supplier of business intelligence software. InfoSphere Guardium was the first solution to address the core data security gap by providing a scalable, cross-DBMS enterprise platform that both protects databases in real-time and automates the entire compliance auditing process.

Guardium is part of IBM InfoSphere, an integrated platform for defining, integrating, protecting and managing trusted information across your systems. The InfoSphere Platform provides all the foundational building blocks of trusted information, including data integration, data warehousing, master data management, and information governance, all integrated around a core of shared metadata and models. The portfolio is modular, allowing you to start anywhere, and mix and match InfoSphere software building blocks with components from other vendors, or choose to deploy multiple building blocks together for increased acceleration and value. The InfoSphere Platform provides an enterprise-class foundation for information-intensive projects, providing the performance, scalability, reliability and acceleration needed to simplify difficult challenges and deliver trusted information to your business faster.

Products and services used

IBM products and services that were used in this case study.

Software:
InfoSphere Guardium

Legal Information

© Copyright IBM Corporation 2010. IBM Corporation, Route 100, Somers, NY 10589. US Government Users Restricted Rights - Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp. Produced in the United States of America, May 2010. All Rights Reserved. IBM, the IBM logo, ibm.com, Guardium and InfoSphere are trademarks of International Business Machines Corporation, registered in many jurisdictions worldwide. Other product and service names might be trademarks of IBM or other companies. A current list of IBM trademarks is available on the web at “Copyright and trademark information” at www.ibm.com/legal/copytrade.shtml. IMC14608USEN-00