Major Healthcare Provider
Achieves Epic System Integrity for Compliance, Security, and Operational Excellence
This major hospital system in the Midwest region of the United States, ranked among the top 100 hospitals in the nation and top 10 for delivering integrated healthcare, provides comprehensive medical and trauma services and embraces innovative technologies like electronic health record (EHR) systems from Epic to deliver optimal patient care and achieve efficiencies. The hospital also manages Epic systems for other healthcare providers. Ensuring the integrity of Epic is critical to the hospital’s business operations, as inaccuracies or unauthorized changes can cause expensive billing errors, disrupt the patient care process with inaccurate diagnoses and prescriptions, lead to system downtime and undermine the trust of critical partners who leverage their implementations. Monitoring change in Epic to prevent misuse or malicious activity was a priority.
Tripwire offers unique monitoring for Epic systems. Tripwire’s automated monitoring allowed us to achieve our first passing audit while minimizing the risk of compromised data.IT Executive Manager
- The hospital’s compliance track record was poor, and the provider needed to pass an audit for IT General Controls—Financial Performance
- Epic system architecture is complex and fluid, making it difficult to track millions of monthly changes
- Complex applications like Epic have a high likelihood of costly errors or downtime due to malicious or accidental changes
- Compliance efforts resulted in concern with the change management process, with a particular focus on insider misuse and unauthorized changes causing inappropriate charging of services (over/undercharges)
- There was no reliable monitoring solution acceptable for the audit
The Epic system includes an internal audit feature to flag the critical master data files and items that must be monitored given the vast amounts of changes that occur in the environment. By exporting this audit data to a relational database, the hospital was able to leverage Tripwire® Enterprise to monitor the critical Epic data to avoid flooding IT with noisy and unhelpful change alerts. Tripwire Enterprise provides consistent monitoring, reducing the gap for a malicious attack or unauthorized change. Tripwire Enterprise is now integrated with the hospital’s IT Service Management solution, ServiceNow, streamlining and validating the authorized and expected change management processes.
- The hospital passed their audit for the first time
- By removing the time consuming effort needed to assess changes, IT productivity increased
- The hospital gained increased confidence and assurance that critical Epic data is secure and there is minimal risk of unauthorized changes to the critical data