A Look Inside How CORHIO Keeps Data Safe in the Health Information Exchange

November 28th, 2016 | Published Under Health Information Exchange by Jennifer Mensch

CORHIO strives to continually improve the stability and integrity of data in the CORHIO Health Information Exchange. We regularly review the data in our network and our processes to ensure our high quality standards are being met. CORHIO has a Security Team, which consists of a Compliance Officer, a Privacy Officer and a Security Officer. They work together to review both privacy and security policies, train employees, review new security technologies, enforce the CORHIO security program and act as first responders to breaches and/or suspected breach notifications.

Data Sender Interfaces

We regularly monitor the flow of information coming through our data sender interfaces so that we can recognize when the flow has been interrupted or when data values have changed. This allows us to re-engage with our hospital and laboratory data senders as needed to make adjustments and improve data quality.  

User Monitoring

Our Security Team utilizes sophisticated auditing and monitoring tools to ensure data security and to confirm that users access records only for patients with whom they have a clinical relationship. To that end, all CORHIO systems have log and event monitoring software installed, with alerts sent to the CORHIO Security Officer and Compliance Officer if questionable usage occurs.

Internal Security

CORHIO also performs monthly and random scans of servers to review vulnerabilities and open ports. All vulnerabilities found are resolved by internal CORHIO resources and/or IT through monthly patching schedules. All CORHIO laptops have third-party external monitoring software installed, through which all running applications, services and IPs can be reviewed. This software also gives the CORHIO Security Team the ability to remotely wipe laptops if necessary. CORHIO also has full disk encryption installed on all employee and/or contractor laptops.

Annual Assessments

CORHIO performs annual third-party assessments and penetration tests. These assessments and tests may result in changes to CORHIO policies and/or procedures to ensure we are continually improving our security processes, infrastructure and monitoring. The assessments are reported to executive leadership to review the risks and costs to implement improvements.

CORHIO also performs mock events to ensure employees in crucial positions know how to react to cyber threats, environmental disasters and other potential identified risks and can confidently follow the CORHIO Disaster Recovery Plan to limit outages and maximize recovery efforts.

If you have any questions about CORHIO’s security procedures or data monitoring, please contact your CORHIO representative or the Help Desk. You can also request a copy of our Security Overview document, which includes more details.