For Chuck Christian, CIO at Good Samaritan Hospital, Vincennes, Ind., end-point security is a constant and ongoing challenge. With a variety of technologies and policies in place to safeguard sensitive information that could make its way to devices, the 232-bed hospital has managed to stay off the HHS data breach Web site so far, in part due to the diligence of Christian and his 25-member I.T. staff. "You have to re-educate people--tell and tell again, no patient data on a laptop," says Christian, summarizing one key policy. "Period."

Earlier this year, Good Samaritan went well beyond its laptop policies, disabling USB ports across the computers connecting to its network. It was a pre-emptive move to preclude inappropriate data transfers to easily lost devices, Christian explains. Nonetheless, the new policy was not well-received. "It caused consternation," Christian says. Christian fielded a call from a purchasing manager at the hospital who wanted to obtain thumb drives in bulk for the stock room. "I said no," Christian recalls. "These things are so convenient, people could store unencrypted personal health information on them. You can put down a thumb drive and they're gone."

Christian's staff gives alternatives to administrators clamoring for additional digital storage space. An engineering supervisor requested eight large-size thumb drives to store building schematics and piping diagrams, asserting that if he lost the drives, little would be at risk. "I told him it could be a big deal because that is not information everyone should have." Christian created a Microsoft-enabled Sharepoint site on his network for the engineering department; it serves as a semi-private location on the network where files can be stored and accessed by authorized members.

The wound care unit also objected to the closure of the USB ports. They had used the ports to download digital photos to the hospital's EHR. "They weren't conscious they were creating a potential security or breach situation because it was so convenient," Christian recalls. His crew then installed card readers for the cameras. "You have to worry about people inadvertently storing data where they shouldn't."

For more information about securing mobile devices, see July’s issue.

Register or login for access to this item and much more

All Health Data Management content is archived after seven days.

Community members receive:
  • All recent and archived articles
  • Conference offers and updates
  • A full menu of enewsletter options
  • Web seminars, white papers, ebooks

Don't have an account? Register for Free Unlimited Access