Laptop stolen with 39,000 Blue Cross physicians information
By Simon Thorpe on Oct 04, 2009
Once again the health care industry is struggling to maintain control over sensitive information. The Boston Globe reported this week that the largest health insurer in Massachusetts, the Blue Cross and Blue Shield association, had to warn 39,000 of it's physicians about the loss of a laptop which contained confidential health information.
Jeff Smokler, national Blue Cross-Blue Shield spokesman, said the insurance giant - roughly 90 percent of physicians nationwide are in its network - encrypts all of its information on company computers, but an employee who was authorized to have the information violated company rules by downloading an unencrypted version onto a personal laptop. The laptop was stolen after the employee left headquarters with it.
This is a perfect example of how Oracle IRM can help create a complete security solution from the database through to documents on the desktop. Using encryption in the database, on the network communication and even on computers part of your organization still leaves you exposed when content is downloaded into documents that can ultimately reside beyond your control. After incidents like the above, many people start implementing hard disk and operating system encryption which only protect the the document at rest. For a complete document and email solution you want to place the encryption at the document level so that no matter where it travels, it is always secure. Oracle IRM uses a combination of industry standard encryption with powerful persistent rights control to ensure that confidential information, such as patient and physician data, can only be accessed by authorized users.
|Even when the information is on a stolen laptop, nobody can access data in documents and emails unless they have been given rights on the Oracle IRM server. In this case an employee violated the rules and copied data to a personal laptop, there may well have been legitimate reasons for doing so. Users want to be able to access information in a variety of ways, people these days are used to very collaborative online environments where it doesn't matter what computer you use, you should have access to your information. Oracle IRM allows your users to copy confidential content to even personal machines and you still retain control over not only their ability to open the document, but also if they can print, edit or copy and paste the information.|
Another crucial element of a complete security solution would be to ensure that the information downloaded from applications is secured by IRM at source. Oracle IRM has a very extensive, yet simple API which allows companies to encrypt and secure information at the point where a user downloads it by integrating IRM with the application. A good example of this is our integration with the Oracle content management system.
Oracle have also spent just as much time in developing an easy user experience as they have in making the technology secure. This means Oracle IRM can be deployed not only to protect your information at the point it's exported from the database in a document, but also to be relatively transparent to the end user. People often don't realize the document has been secured until they try to print or take a screen shot.