PROTECTING PERSONAL INFORMATION IN HEALTHCARE cont. Implementing a Pure Storage FlashArray can both improve performance and lock down any HIPPA or HITECH vulnerabilities right from the start. To protect data internally as well as from external snooping, saved and protected just like anything else stored with the the Pure Storage FlashArray uses robust role-based access FlashArray, this can either be done immediately or at a later control (RBAC), which brings it into compliance with HIPPA. All time as part of an investigation. RBAC accounts are tied to system administrators, so that only Implementing a Pure Storage FlashArray for organizations users with storage administration rights can give access to any application or host. No regular user can modify permissions to working within the healthcare field can both improve gain access to content they should not be able to see under performance and lock down any HIPPA or HITECH HIPPA regulations. vulnerabilities right from the start. This won’t preclude additional security being added to the system, but full But even administrators, with their ability to control access, are AES-256-bit encryption, role-based access control and the not completely unregulated. Administrators of the FlashArray generation of a complete audit trail means that personal can also be set up according to their roles, so that just because information will be kept secure from any unauthorized eyes. someone has administrator privileges doesn’t mean they have full access to everything protected by the system. They might be able to configure the system or troubleshoot issues, but can be denied the ability to read or capture protected information stored inside. The FlashArray also automatically produces a complete audit trail of everything that goes on within the system, satisfying another HIPPA mandate. All configurations are logged into the system as well as any changes that are made. That way anyone attempting to change access permissions, even an IT administrator, has that action logged and time stamped. Security officials monitoring the system can then choose to examine suspicious activity. And because the information is © Pure Storage 2014 | 4