The Best Practices Series for Health Care discusses the challenges that healthcare providers face in information technology--and the best practices for meeting those challenges. This paper, in particular, focuses on critical infrastructure security.

Practices and services implemented by healthcare providers today that improve quality of care, decrease costs, and retain top talent also foster a distributed business environment. Such practices include providing access to physicians 24 hours a day, 7 days a week; enabling new methods of communication between providers, payers, pharmacies, and patients; and working with off-premises services providers, such as transcription services and interpretation services for radiology digital imaging.

This white paper describes a multifaceted approach to critical infrastructure security for healthcare providers. The foundation of this approach is a comprehensive and automated enterprise security plan. As part of this plan, recommended best practices include performing comprehensive vulnerability and risk assessments; securing endpoints with proactive protection; monitoring and enforcing security on managed and unmanaged endpoints; and minimizing data leakage by securing data at rest, in motion, and in use via USB-connected devices, CDs, email, laptops, mobile devices with large memory cards, and other devices.