Solutions

Sensitive data discovery and masking is relevant to a wide breadth of industries. Meeting regulatory and compliance requirements for HIPAA, PCI, PII and other privacy protection regulations is critical for a broad range of industries. Increasingly, internal corporate data security policies demand that information be masked to protect it from internal privileged but unauthorized users.


Healthcare: HIPAA Regulation Compliance

Healthcare is an industry that is subject to a variety of government privacy regulations, including the far-reaching Healthcare Industry Privacy Act (HIPAA). Hospitals all need to protect large numbers of patient records. Even regional hospitals face the challenge of protecting data that resides in a wide variety of databases.

A successful regional hospital turned to dataguise to find and mask specific data records in both Oracle and SQL. The project was driven by the chief security officer's team and ultimately involved the principal database architects within the IT department. Thanks to dgdiscover and dgmasker, the Chief Security Officer (CSO) is now confident that all locations where patient data was stored were identified and the records properly secured according to both internal policies and external HIPAA requirements.

Federal: Fair Information Practices and Protection of Confidentiality of PII

NIST Special Publication 800-122 Guide to Protecting the Confidentiality of Personally Identifiable Information (PII); April 06, 2010

The need for federal agencies and commercial enterprises to take effective measures to protect their personally identifiable information (PII) and other sensitive data has never been greater. With data thefts and breaches in the news, regulators and legislators are imposing higher standards for protecting sensitive personal and financial information, with higher fines and penalties for offenders. To assist these efforts, the National Institute of Standards and Technology (NIST.gov) recently published SP 800-122, which provides guidelines for protecting the confidentiality of PII.

The NIST.gov document explains the importance of protecting the confidentiality of PII in the context of information security and explains its relationship to privacy using the Fair Information Practices, which are the principles underlying most privacy laws and privacy best practices. PII should be protected from inappropriate access, use, and disclosure. This document provides practical, context-based guidance for identifying PII and determining what level of protection is appropriate for each instance of PII. The document also suggests safeguards that may offer appropriate levels of protection for PII and provides recommendations for developing response plans for incidents involving PII. For more information on how dataguise solutions can help meet the key recommendations from NIST, contact us today.

Biotech: Internal Corporate Security Policies

Many corporations have internal security policies but are challenged in how to effectively enforce and audit these policies. The corporate security division of a large biotech firm informed the safety division of the IT department that internal security policies required that production data not be used in a non-production environment.

In preparation for rapidly approaching internal and external compliance audits, the Safety Division conducted a search of non-production databases, which indicated they would fail to meet the required standards for regulatory and policy compliance.

Encryption was not a solution, primarily due to the disruption in the workflow for the teams using production data in non-production test and development environments. The biotech firm turned to masking solutions from dataguise. Because dgmasker is software, does not involve the laborious process of writing scripts, and uses the technique of Mask in Place, the solution was implemented in a matter of weeks.

On the day of the audits, the head of the corporate security division was sure that the IT department would not be successful. The Safety Division not only passed the audit but greatly reduced the cost of compliance.

Pharmaceutical: Privacy And Trade Secret Protection In Clinical Trials

During most clinical trials there is a need to share test results with a variety of investigators who are often in different locations using different data management and storage systems. It is imperative that during the process of evaluating test results the identities of participants, as well as the comments and input of the clinicians involved, be protected. Best practices and, in some situations, government regulations require that participating investigators are not able to identify the individuals participating in the trials. At a minimum, both the individual's name and social security number must not be revealed.

A large pharmaceutical firm recognized that dataguise's dgmasker provided the best solution to ensure privacy without disrupting the existing project workflow. Chief among the company's concerns was that the information be protected not only from external attacks but also from privileged but ultimately unauthorized users engaged with the trial. Benefits to the customer included rapid implementation of the solution. dgmasker was easy enough to use that it also greatly minimized future dependencies on the application knowledge of any one or two individuals within the firm.



Benefits

  • Removes opportunity for data theft
  • Does not disrupt existing workflow
  • Scales for Enterprise-wide data discovery and de-identification/masking
  • Easy to use and implement
  • Automated Sensitive Data Discovery
  • Low total cost of ownership


The dataguise technology desensitizes information so that a breach is not possible. With dgmasker and dgdiscover in place, we can provide our customers and members with peace of mind that their personal health information is safe and secure.

Nitin Gotmare
Director IT Molina Healthcare