Pervasive Health Protects Data with ISO 27001

This case study shows how IT Governance helped Pervasive Health to achieve ISO 27001 certification. Enter your email address at the bottom of this page if you would like a PDF version of this case study. Call us on 00 800 48 484 484 to discuss your own ISO 27001 consultancy requirements.


Pervasive Health Case Study

Handling sensitive health data requires the implementation of rigorous technology, standards and processes. For Pervasive Health, it’s business as usual, as they empower health enterprises and professionals to discover health insight every day. Pervasive Health chose IT Governance to help them gain ISO 27001 accredited certification for the organisation’s US and European operations – making their platform the first in the field to achieve this.


Background

Pervasive Health is a US company with a global customer base that provides the breakthrough platform for health, Apervita®. Apervita is powerful and secure, allowing health enterprises and professionals to connect evidence-based insight to health practice anywhere. The platform saves doctors and clinicians time and money with fast, smart access to a unified source of all patient information. Data is natively stored in standard health concepts that any health professional will be familiar with, rather than in proprietary data structures. Any health professional can author, publish, and share health insights on the platform. Health insights take raw health data and transform it into what you need to know, when you most need to know it. The Pervasive Health team capitalises on experience from multiple industry sectors including healthcare, telecoms, banking, algorithmic trading, and airlines. As a result, the Apervita platform is a thoroughbred, incorporating best-of-breed technologies to handle big data, privacy, Personally Identifiable Information (PII), Protected Health Information (PHI), HIPAA, authentication, permissions, auditing, data encryption, global scalability and unified operations management.

Rinaldo Tempo, Information Security Manager at Pervasive Health, was responsible for implementing ISO 27001, working with colleagues in Chicago, an important and growing life sciences hub in the USA. ISO 27001 is the best practice specification that helps businesses and organisations throughout the world to develop a best-in-class Information Security Management System (ISMS). Information and information systems are vital to all organisations. ISO 27001 sets out specific requirements, all of which must be followed, and against which an organisation’s ISMS can be audited and certified.


Requirements

The nature of the data that Pervasive Health processes and protects on behalf of its clients makes certification to ISO 27001 a wise move in security and business terms.

Pervasive Health's mantra is to empower health enterprises and professionals to create and share health insights so they can excel every day. At its core, the Apervita platform comprises an integrated health record of all current and historical patient data. It connects this data to a powerful community of computable health insights, authored by partners on the platform. The approach, embodied in the company’s platform, unlocks the value of patient information, unifying the patient journey across care settings and bringing together clinical, financial and operational data and connecting it to a marketplace of health insights.


Process

Pervasive Health contacted IT Governance to provide the consultancy support needed to create an ISO 27001-compliant ISMS. This required the identification of any interfaces and dependencies with functions or services falling outside the scope, and consideration of how these might be addressed. The exact scope of the project and the information security objectives, which led to the information security policy, were determined by Pervasive Health’s senior team with support from IT Governance consultants. This included helping to develop the required risk assessment framework and recommendations for risk acceptance criteria.

The work under this phase of support also assisted Pervasive Health’s Information Security Manager in developing the profile of the project team and an outline project plan. IT Governance provided ‘Mentor and Coach’ consultancy support. In order to comply with the ISO 27001 standard and the Health and Social Care Information Centre (HSCIC) IG Toolkit requirements (formerly the NHS Connecting for Health CTP requirements), an asset-based information security risk assessment was conducted. This was achieved by interviewing asset owners to produce an asset register and then assessing potential risks to those assets. Once the risks were identified and decisions made on how to manage them, a full Risk Treatment Plan was produced, which in turn led to the development of a Statement of Applicability to comply with the standard.

Rinaldo explained that, “Pervasive Health already had strong internal processes to protect data; however, ISO 27001 helped us to consider all the risks that we faced with the benefit of the rigor of what is, we believe, the most demanding security standard.”



Next Steps

Pervasive Health intends to actively promote its ISO 27001 certification on its new website and explain to prospective partners why its approach is rigorous and effective.

“The response from our partners has been positive and reassuring,” says Aaron Symanski. “We anticipate gaining more business opportunities and growing faster because we have taken a responsible stand on security in a market that is naturally sensitive to data protection concerns. Pervasive Health is proud to be an ISO 27001 certified organisation and we are looking forward to partnering with IT Governance Ltd to maintain our ISMS.”

