THE IT&S 2015 ANNUAL REPORT
2015AnnualReport
2015AnnualReport
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
Protection of Our Assets<br />
It’s absolutely crucial that we ensure the confidentiality, integrity,<br />
and availability of all our data. The goal of the Information<br />
Protection team is to implement safeguards that focus on strong<br />
user access controls, awareness and training of the workforce,<br />
data security, processes and procedures, and protective<br />
technology.<br />
Key accomplishments in <strong>2015</strong> included:<br />
Detection of Threats, Data Loss, and<br />
Inappropriate Access to Sensitive<br />
Information<br />
HCA is, unfortunately, the target of innumerable external threats<br />
such as nation states, cyber criminals, and hacktivists. We also<br />
face internal threats, like dishonest insiders, and even honest<br />
staff members who make errors or decisions out of urgency or<br />
ignorance. This all means that the Information Protection team<br />
has to be constantly on guard and on the lookout for potential<br />
threats to our company.<br />
• REENGINEERING BUSINESS<br />
• IMPROVING DATA QUALITY<br />
• INTRODUCING MONTHLY<br />
PROCESSES AND SYSTEMS TO<br />
REDUCE <strong>THE</strong> USE OF SOCIAL<br />
SECURITY NUMBERS<br />
WITH PROVIDER DICTIONARY<br />
STANDARDIZATION EFFORTS<br />
AND COLLABORATION WITH<br />
iPROTECT SESSIONS AIMED<br />
AT CORPORATE IT&S PROJECT<br />
MANAGERS AND BUSINESS<br />
Key accomplishments in <strong>2015</strong> included:<br />
• PARTNERING WITH<br />
ENTERPRISE DATA<br />
WAREHOUSE BUSINESS<br />
OWNERS TO IMPLEMENT<br />
AN IMPROVED USER ACCESS<br />
REQUEST PROCESS, DEVELOP<br />
TRAINING, AND CREATE<br />
OPERATING PROCEDURES<br />
• PARTNERING WITH<br />
INFRASTRUCTURE SERVICES<br />
& OPERATIONS TO IMPROVE<br />
NETWORK AND FIREWALL<br />
PROTECTION<br />
CLINICAL SERVICES GROUP,<br />
INFORMATION PROTECTION,<br />
AND IT&S<br />
• ESTABLISHING <strong>THE</strong><br />
CORPORATE ACCESS<br />
TEAM, ROLLING OUT ESAF<br />
TO CORPORATE USERS,<br />
IMPROVING ACCESS REQUEST<br />
PROCESSES FOR USERS<br />
IN MULTIPLE DIVISIONS,<br />
AND TURNING ON NON-<br />
EMPLOYEE CONTRACT END<br />
DATE NOTIFICATIONS<br />
ANALYSTS TO PROVIDE<br />
AWARENESS ON KEY<br />
PROJECT DELIVERABLES AND<br />
TOPICS INCLUDING SARC, ISA,<br />
ISAM, RECORD RETENTION<br />
REQUIREMENTS, AND IT&S<br />
POLICIES AND STANDARDS<br />
• 70% OF OUR WORKFORCE<br />
COMPLETED “BE <strong>THE</strong> HERO:<br />
YOUR IDENTITY DEPENDS ON<br />
IT” TRAINING AS WELL AS AN<br />
ADDITIONAL COURSE FOR<br />
MANAGERS<br />
• DEPLOYING DATA LOSS<br />
PREVENTION (DLP) ACROSS<br />
<strong>THE</strong> ENTERPRISE, WHICH<br />
PROVIDED EDUCATION<br />
TO CFOS, DEPARTMENT<br />
MANAGERS, AND<br />
WORKFORCE MEMBERS<br />
ABOUT PROTECTING FILES<br />
THAT CONTAIN SOCIAL<br />
SECURITY NUMBERS WHEN<br />
SAVING, EMAILING, AND<br />
PRINTING<br />
• IMPLEMENTING <strong>THE</strong><br />
ACCESS REVIEW TOOL (ART)<br />
SOLUTION THAT AUTOMATED<br />
MONITORING OF USER<br />
ACTIVITY IN MEDITECH,<br />
HCARE PORTAL, AND HPF<br />
TO IDENTIFY AND TRIGGER<br />
REVIEW OF POTENTIALLY<br />
INAPPROPRIATE ACCESS<br />
EVENTS<br />
• BLOCKING MORE THAN 1,300<br />
MALICIOUS WEB EVENTS<br />
AND 6,000 MALICIOUS EMAIL<br />
ATTACHMENTS<br />
80<br />
81
Change language