A national health system with a strong academic presence and reputation engaged Concord to stand up a cyber security capability. Concord assisted the system in maturing its overall IT and data compliance disciplines.
The client’s clinical and research domains expanded their activities to include patient treatment and biometric data from RFID, wearable devices, and other connected sources. Data issues surfaced when the extended network devices needed to be integrated in the broader clinical and research workflows without compromising patient safety or exposing data stores to breaches. Concord undertook the challenge by applying best of breed program delivery, cyber security, compliance, and data management know-how.
• Devised a holistic cyber security capability accounting for process and people changes to include extended networked devices.
• Built vendor assessment and qualification processes to enable quicker determination of capabilities and repeat assessments.
• Created a blueprint for the secure, real-time ingestion of non-traditional data sources utilized in analytics and visualization tools.
• Architected a security information and event management (SIEM) solution, including a full complement of identity, data, and privacy management tools.
• Extending SIEM solution into Governance, Risk, Compliance (GRC) and Data Loss Prevention (DLP) areas.
• Standing up a Big Data Lake to fuse legacy clinical research and non-structured data for richer insights.
• Enabled client to standardize and quickly qualify new vendors through cyber security processes.
• Enabled ingestion of unstructured data and integration with structured research databases for faster insights.
• Achieved compliance and regulatory reporting consistency across Payment Card Industry (PCI), Protected Health Information (PHI), Personally Identifiable Information (PII), HIPAA, and HITRUST data in a fraction of Ɵ me and cost as compared to previous solutions.