Healthcare Cyber-Physical Identity & Access Management

Beyond compliance - managing risk for the healthcare enterprise.

Delivering quality healthcare is a combined effort requiring close cooperation between provider networks, hospitals, medical specialties as well as lab and testing services. Add to this the dimension of prescription management, pharmaceutical supply chain and retail pharmacy. The claims and delivery management systems for health insurance carriers, HMOs and PMOs all need access to medical records.

Patient information must flow seamlessly across all delivery organizations and health insurers. Regulations like HIPAA and industry best practice frameworks like HITRUST require that primary healthcare providers not only vigorously protect patient privacy, but also take responsibility for enforcing the same standards of Security and Safety due diligence for their partner providers.

AlertEnterprise Solutions

  • Real-time validation of certification and credentials during access provisionin

  • Manage deprovisioning process and cross-linkage of access termination from multiple systems simultaneously – physical, logical and operational

  • Identify compliance gaps in real-time and suggest remedial actions to remain in compliance with HIPAA, Sarbanes-Oxley, NIST SP800-xx, PCI and ISO-2700x standards
  • Identification of risks based on validating employee and contractor access to critical applications and healthcare facilities

  • Enforcement of security policies and procedures across vendor and partner ecosystems following HITRUST provisions

  • Visual risk and remediation modeling with ability to display key assets on geo-spatial maps with drill-down details on event and asset criticality; ability to integrate physical security alerts and surveillance video

Regulations & standards.

Potential costs for violations and non-compliance can be extraordinary.

Compliance & Auditing
PCI Requirements

$7,500

Get active enforcement with a configurable rules engine and automate compliance management. Meet requirements for HIPAA, TSA, NERC CIP and more.

Compliance & Auditing
HIPPA Violation

$1.5M

The amount the organization could be expected to pay per year per finding related to HIPPA compliance violations.

Compliance & Auditing
Sarbanes-Oxley Act

$5M

The amount the organization could be expected to pay in the event of a SOX compliance violation.

Data Breach – General
P

$7.35M

The average cost of a data breach of PCI, PHI, PII, etc. data due to malicious or criminal cyber / insider attacks, system or human errors. – Ponemon Institute Research, 2017

Insider Threat
H

$8.78M

The average total cost of insider threat and careless or negligent employees and contractors are the root cause of most incidents. –Ponemon Institute Research, 2018

Compliance & Auditing
Loss of Business/Contract

$10M

While the total cost is unknown, depending upon the type of breach or violation, a healthcare enterprise could be at risk of losing existing business and new business should its reputation related to protecting data be damaged.

Active policy enforcement for IT and building access.

Hundreds of access points, thousands of employees and scores of service provider organizations make up the extended healthcare enterprise. Determining risk to this broad enterprise involves managing roles and critical access for each. Do employees or contractors have the right training and certification to access personal health information? Safeguarding confidential personal health and financial information also means monitoring who has physical access to the records. Did the badge access and system access for terminated employees get turned off at the right time? 
 
AlertEnterprise software delivers real-time integration of Identity Access Governance with Physical Access Control and Human Resource applications. The converged security approach automates policy enforcement and compliance, helping you automatically validate employee background checks, training and certification, authorization to view patient information and other vendor services. 

The integrated AlertEnterprise solution.

AlertEnterprise integrates with multiple Physical Access Control Systems (PACS), ERP Systems, HR systems, Patient Records Management, Clinical Systems, Pharmacy Management Systems and other critical applications found in hospital and other healthcare environments.

You’ve identified the risk, now what? AlertEnterprise delivers next steps.

Identifying the risks alone is not enough. Organizations need to make sure that immediate steps are being taken to mitigate risks. AlertEnterprise automates remediation and helps you to analyze risks, and visualize remediation paths before taking action. Business analysts, IT security and physical security teams can collaborate visually and implement the next steps – which may include reviewing correlated risk recommendations for selected employees and removing physical access to certain parts of the facility or system access to certain applications that contain sensitive data.

Unique Customer Benefits

  • Training, PRA compliance
  • Certification requirements
  • Healthcare Content Packs: SOX, GDPR, HIPAA, HITRUST, Health Level 7 (HL7) Integration
  • Full audits controls and chain of custody
  • Access review and recertification
  • Immediate badge deactivation and access removal for offboarding, termination and expired training/certification
  • Access rights and approvals to secure areas
  • Visitor screening and approvals
  • Risk-based security controls
  • Unique identity / reconciliation of IT and Physical Security
  • Segregation of duties
     – Privilege users
     – Secondary approvals
  • Segregation of data
     – Privacy / Encryption
     – Secondary approvals
  • Eliminate access creep
  • Eliminate orphan accounts
  • Automate manual data entry
  • Automate manual paper process
     – HR driven
     – Access requests
  • Eliminate duplicates, errors
  • Streamline badge operation
  • Improve security investigation
  • Leverage existing investments
  • Partner Channel Access Management with Self-Service Portal

Take the first step to greater hospital safety.

Your facility’s staff, patients and visitors will thank you.

David Cassady

Chief Strategy Officer

David Cassady has been selling and leading teams in Silicon Valley for more than 30 years. During that time, he’s led a mix of established software players and startups. Cassady has also been involved with five IPOs — and at least as many acquisitions. 

As Chief Strategy Officer, David leverages his extensive experience helping software businesses drive growth through deep and impactful partnerships with the world’s most successful SaaS providers like ServiceNow, Microsoft and SAP. 

Mark Weatherford

Chief Security Officer
Senior Vice President, Regulated Industries

Mark Weatherford brings years of high-level cyber-physical expertise to AlertEnterprise, and as Chief Security Officer (CSO), he guides the strategy of data management and protection by advising cyber-physical security policies and procedures within the company. Weatherford also works in liaison with businesses and executive professionals in the cyber and physical security industries to further accelerate security convergence adoption.

Mark has held numerous high-level cyber-centric positions, including Vice President and Chief Security Officer at the North American Electric Reliability Corporation (NERC), the Department of Homeland Security’s first Deputy Under Secretary for Cybersecurity under the Obama administration, California’s first Chief Security Officer, and the first CISO for the state of Colorado.

Harsh Chauhan

Chief Technology Officer

As Chief Technology Officer (CTO) of AlertEnterprise, Harsh Chauhan is responsible for the company’s engineering technology innovation and solution delivery. A 20-year technology veteran and leader, Chauhan is focused on the growth of the company’s 3D Governance Risk Compliance (GRC) hyperscale cloud platform.

He also continues to develop integrated solutions with leading technology partners like SAP, SAP NS2, and ServiceNow. Before AlertEnterprise, Mr. Chauhan held multiple CTO positions, as well as Product Owner and Head of Development at SAP GRC 10.0, delivering targeted solutions to high-profile SAP clients.

Ruby Deol

Chief Operations Officer

Ruby Deol oversees all business units at AlertEnterprise. With more than 20 years of experience in global sales and support services, Deol nurtures existing client relationships with a customer-first approach. As AlertEnterprise continues to grow in industry recognition and stature, Deol is charged with developing and implementing methods to meet organization goals and facilitate the company’s ongoing transformation.

Kaval Kaur

CFO and Co-Founder

As Chief Financial Officer (CFO) and Co-Founder of AlertEnterprise, Kaval Kaur leads all finance and administrative back-office operations. Kaur is a member of the national professional organization American Institute of Certified Public Accountants (AICPA) and the California State CPA Society.

Prior to joining AlertEnterprise, she was the CFO and Co-Founder of Virsa Systems, a position she held until its acquisition by SAP.

Kaur is a philanthropist at heart, embracing the diversity of the San Francisco Bay area by assisting with and promoting special cultural events. She recently sponsored 2,000 public schools in rural India to advance computer literacy skills for children and is a foster mother to a 10 year old.

Jasvir Gill

Founder and CEO

Leading the charge of digital transformation and security convergence is Jasvir Gill, Founder and CEO of AlertEnterprise, Inc. An accomplished engineer by trade, Gill is driving the long-overdue digital transformation of the physical security industry.

Prior to launching AlertEnterprise, Gill was the founder and CEO of Virsa Systems, where he grew the company into a global leader of application security software. An early pioneer in establishing governance, risk and compliance as a software market segment, he drove exponential growth at Virsa, facilitating its acquisition by SAP in 2006.

In his free time, Jasvir helps drive social and economic empowerment in the community. He’s also a trustee at the American India Foundation.