US Hospital Achieves Mobile HIPAA Compliance

Case Study

This hospital system with approximately 7,000 employees was located in the Southeastern United States and needed a solution for HIPAA compliance on personal mobile devices. According to the Department of Health and Human Services, 70% of data breaches in healthcare are the result of lost or stolen devices.

The incumbent mobile security solution in this firm was AT&T Toggle, which was made obsolete after Google acquired the source company Divide. The compliance team at the hospital wanted a replacement that was secure yet easy to use and transparent to users.

After their experience with Toggle, they were particularly wary of solutions that required software on BYOD. A second criterion for the solution was the ability to support migration to Office 365, which was looming in the near term. The compliance team tested Bitglass' cloud access security broker (CASB), MobileIron, and AirWatch on the same user group of executives. Bitglass ranked highest with both the users and the compliance team.

Only Bitglass' CASB enables a complete audit of all data flowing to any BYO device. It provides configurable PHI data patterns for alerts, plus advanced PHI patterns to control the bulk transfer of PHI. Bitglass also provides selective wipe of hospital data, enforces device PIN and encryption, and blocks cloud-enabled rogue email clients without invading user privacy, all with zero software installed on mobile devices.

Consequently, Bitglass' solution was easy for this hospital to deploy to achieve real-time inline data protection on personal devices.

“After comparing the leading mobile security solutions, we found that only Bitglass combines usability, privacy and security in a single package. Best of all, no software needed on BYOD.”

—VP Compliance, State Health System