Press Release

Healthcare Organizations Deploy RSA Solutions To Improve Privacy And Efficiency Of Patient Care

HIMSS 09 – CHICAGO, IL, April 6, 2009 - RSA, The Security Division of EMC (NYSE: EMC) announced that leading healthcare organizations – including Apoteket AB, Blue Cross and Blue Shield of Kansas City, Catholic Health System, Geisinger Health System, Mainline Health and University of Pittsburgh Medical Center – have implemented effective information risk management strategies and information-centric technologies from RSA in order to help secure highly sensitive patient healthcare data and meet compliance mandates.

"Through the strategic use of RSA technology we have been able to accelerate our plan for an integrated regional health organization. The Keystone Health Information Exchange pilot, secured by RSA® Access Manager and RSA® Federated Identity Manager, allows emergency departments within participating hospitals to share patient health information, in real time," said David Young, IT Program Director at Geisinger Health System. "This minimizes delays in treatment which can be frustrating and, in some cases, even life threatening. It also increases the productivity of physicians, reduces operational costs and ensures compliance with HIPAA regulations."

Young added, "With RSA® Adaptive Authentication, Geisinger has been able to offer our referring and affiliated physicians secure access to critical online resources, thereby facilitating the sharing of patient information out to external physicians. Providing these groups with access to a patient's electronic medical record helps to reduce the number of duplicate tests, which speeds treatment and improves the patient experience. We were particularly attracted by the way RSA Adaptive Authentication offers layers of security in addition to a regular user name and password, but without inconveniencing the user. It is ideal for clinicians working in a busy and often pressured hospital and clinic environment."

In order to protect the confidentiality, integrity and security of patient health data within the information infrastructure, healthcare organizations can apply a series of best practices to improve patient care and clinical workflow, and meet compliance challenges with confidence. First, an organization should understand and discover what data is most sensitive to its patients, clinicians and its own enterprise. As a result, it becomes equipped with the proper intelligence to select appropriate data and access controls based on policy and risk. Organizations can then monitor and report on security policy effectiveness and demonstrate compliance with regulations such as the Health Insurance Portability and Accountability Act (HIPAA), Joint Commission requirements, and European Union Data Directives. This holistic framework is based upon guidelines such as ISO 27799 for Information Security Management that helps to ensure patient healthcare information is protected, managed and auditable.

"A data breach at a hospital can not only expose the credit card and bank account information of a patient, but it can also provide a data thief with the information to seek medical care using the insurance of another person. Furthermore, medical identity theft can have a serious detrimental impact on the ability of the patient to obtain private health insurance in the future, and can place the life of a victim in danger as the medical history of two or more people are combined into a single health data record," said Jarad Carleton, Senior Consultant at Frost & Sullivan. "Accessing the detailed medical history of a patient can also create issues from a provider standpoint as any change in these records could potentially lead to the death of the patient. This worst-case scenario can expose a hospital to civil lawsuits, negative publicity, and heightened regulatory oversight in countries with enforceable data privacy laws."

"In a 2008 HIMSS survey*, 97 percent of healthcare CIOs revealed that they were concerned about the security of the data within their organization. This is no surprise as traditional information security infrastructures have been primarily designed to protect against external threats. Yet today, the black market for information used for identity theft remains robust, and the focus on security is shifting to insiders with broad access to sensitive data. They know where the systems are, how they interact with each other, and what data resides on which systems," said Tom Corn, Vice President of Product Marketing at RSA, The Security Division of EMC. "This disparity between the current threat landscape and the traditional information security infrastructure is leading to more healthcare data breaches, increased regulation, and higher operational costs. In turn, critical workflow processes can be negatively impacted affecting the movement and availability of patient information."

For more information, please visit RSA's Information Risk Management for Protected Healthcare Information security solution website. A free copy of the Frost & Sullivan white paper (commissioned by RSA) entitled "Keeping the Promise of Privacy: Protecting Sensitive Data in Healthcare Organizations" can be found under Resources.

* Frost & Sullivan, Keeping the Promise of Privacy: Protecting Sensitive Data in Healthcare Organizations, August 2008

About EMC

EMC Corporation (NYSE: EMC) is the world’s leading developer and provider of information infrastructure technology and solutions that enable organizations of all sizes to transform the way they compete and create value from their information. Information about EMC’s products and services can be found at

RSA, The Security Division of EMC, is the premier provider of security solutions for business acceleration, helping the world's leading organizations succeed by solving their most complex and sensitive security challenges. RSA's information-centric approach to security guards the integrity and confidentiality of information throughout its lifecycle – no matter where it moves, who accesses it or how it is used.

RSA offers industry-leading solutions in identity assurance & access control, data loss prevention, encryption & key management, compliance & security information management and fraud protection. These solutions bring trust to millions of user identities, the transactions that they perform, and the data that is generated. For more information, please visit and

Press Contacts

David Seuss
RSA, The Security Division of EMC

Heather Milne
OutCast Communications

RSA is a registered trademark or trademark of RSA Security Inc. in the U.S. and/or other countries. EMC is a registered trademark of EMC Corporation. All other trade names and trademarks are the property of their respective holders.