Data Breach Response & Caldicott Compliance

The Challenge

Ensuring compliance with regulatory requirements is a challenge for any company. The healthcare industry faces particular scrutiny ensuring patient information is secure, and confidentiality is not compromised. Similar to the Health Insurance Portability and Accountability Act (HIPPA) in the United States, St. Margaret’s Somerset Hospice must conform to Caldicott principles, a set of guidelines established in England and Wales to ensure National Health Service (NHS) patient information remains secure and confidential.

How Did We Help

In the wake of a disconcerting data breach, implementing computer activity monitoring software became a top priority of St. Margaret’s management. “The first program we tried was based on Windows auditing, and it was a dismal failure,” said Middleton. “Then we noticed Veriato 360. We worked with Veriato in the UK, setting up a demo, which looked good. We followed that with a trial to ensure Veriato 360 met our needs in action, and it did.”

The Results

Since purchasing Veriato 360, St. Margaret’s Somerset Hospice also revealed instances of intellectual property theft. “One employee transferred data to removable

media and took it when they left their job. The data was completely gone. They actually took the ONLY copy of a document in existence ... on a USB stick,” said Middleton. “Using Veriato 360, we were able to demonstrate it was on removable media. And because we were able to show this, we were able to have it addressed by our legal department.”

“From the beginning, that’s what we were looking for, to be able to see and track actions taken on a specific document,” said Middleton. “Using Search to create an audit trail, to see who might have accessed a specific document, which was the initial request we could not comply with ... until we implemented Veriato 360.”

“Veriato 360 has definitely been worth the purchase and the effort. When you compare it to the price of other software necessary to get a computer up and running in a business environment, it’s priced right. Veriato 360 is part of the overall picture, an essential part of our network.