Case Study: Geisinger Health System achieves HIPAA-compliant EMR security with QualysGuard (Qualys)

Bringing HIPAA Compliance to an Electronic Medical Record System

Geisinger Health System is a regional Pennsylvania healthcare provider serving 2.3 million people with 8,500+ employees, dozens of clinics and a large electronic medical record (EMR) program built with more than $68M in investment. Faced with HIPAA security and privacy requirements, Geisinger needed a practical, economical way to audit, remediate and document the security of a complex network that included 435+ applications (about 70 tied to the EMR) and multiple web portals for patients and clinicians.

Geisinger implemented QualysGuard’s automated vulnerability management service and internal appliances to run on-demand scans, prioritize and track remediation, and produce comprehensive audit reports. Weekly automated scans reduced manual effort, improved accuracy, supplied evidence for external HIPAA audits, cut vulnerability-management costs substantially, and helped ensure the confidentiality and integrity of electronic patient records.

Geisinger Health System

Jaime Chanaga

CISO