Touchstone Security Healthcare Case Study
With CareSight Analytics
CareSight is an advanced reporting and analytics system that works with nurse call, patient monitoring, and alarm management middleware systems. Built around a visually rich modern web interface, the platform provides real-time and historical clinical alarm analysis for use by departmental managers and key executives of hospitals and health systems. CareSight’s dashboards and reports assist organizations looking to optimize safety, reduce alarm fatigue, and streamline workflows.
Assessment and Compliance
The CareSight system is a Microsoft SQL-based, multi-tiered software platform hosted in AWS. Touchstone Security was called upon in 2017 to assist with the overall architecture and performance of the system, which was having massive performance and scalability issues. Touchstone began by assessing CareSight Analytics’ cybersecurity compliance requirements, including its requirements under the HIPAA Security Rule, to ensure system changes would be in line with legal requirements. Touchstone then began a comprehensive performance analysis across the entire spectrum of the system, including agents, operating systems, database engines, database schema, communications, and the website front end.
Our Unique Approach
We then designed an approach in concert with CareSight staff to address AWS cost concerns, performance bottlenecks, and cybersecurity requirements. We began by optimizing the database servers, which enabled us to move from four to two and resulted in substantial performance improvements. In addition, the overall architecture was changed to accommodate AWS Lambda services for stored procedures to further improve performance and enable rapid scalability.
Touchstone was amazing to work with! We had some issues with our systems and integration of new programs. We felt that the security of our systems was not up to the best standards. The CEO, Richard Shinnick, personally came over and evaluated our systems. He was able to pinpoint the holes in our systems immediately and fix any potential issues before they ever happened. One of the best IT Firms I have ever worked with. Thank you Touchstone!
Rich and his team are remarkable. While at Columbia University Teachers College, they helped us plan/implement several large-scale projects including ubiquitous wireless deployment and a firewall implementation. Rich has an extensive IT background and is an all-around great guy to work with. I recommended that we bring his team in at St. John’s as well. They were able to come in, assess the situation, and provide the same fantastic results. I highly recommend Rich and his team.
Rich brings solid IT security experience along with immense integrity in the work he has performed for IntegraMed. All of his projects were completed on time and within budget. His track record of delivering reliable concept-to-reality projects under the pressures of high-availability and heavily compliant environments precedes him. I endorse Rich personally and professionally and look forward to working with him again on future projects.
Rich is deeply technical and very thorough, but most of all he is a very honest person. He can make any technical jargon simple to understand in layman’s terms and help you understand what he is proposing so all know the benefits that are being recommended and implemented. I would work with Richard again on any project initiative that I may be involved in in the future.
We needed a security sharpshooter to assist with responding to the stringent requirements of a major academic healthcare system based on a comprehensive audit of our platform. Touchstone expertly facilitated our response and created the missing programs and policies necessary to satisfy our needs.
Touchstone Security specialists completely blew away our most experienced and technically strong managers and some of our best people in infrastructure and security. Richard was in their words “a perfect 10.” He not only addressed the issues we asked him to look at but identified other areas of improvement in our security posture. Our team rated them “a perfect 10”!
The Conclusion
Finally, Touchstone Security made numerous cybersecurity enhancements to CareSight’s IT infrastructure and worked to ensure that all changes reflected security best practices and were fully compliant with HIPAA. At the end of the project, CareSight Analytics had a scalable, cost-efficient, and highly secure environment that enabled them to further expand their SaaS offerings without concerns over outages or compliance.