* [Blog](https://origin-researchcenter.paloaltonetworks.com/blog) * [Palo Alto Networks](https://origin-researchcenter.paloaltonetworks.com/blog/corporate/) * [Healthcare](https://origin-researchcenter.paloaltonetworks.com/blog/category/healthcare/) * Healthcare: Better, Simpl... # Healthcare: Better, Simpler EHR Security With Application Level Control [](https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Forigin-researchcenter.paloaltonetworks.com%2Fblog%2F2014%2F04%2Fhealthcare-better-simpler-ehr-security-application-level-control%2F) [](https://twitter.com/share?text=Healthcare%3A+Better%2C+Simpler+EHR+Security+With+Application+Level+Control&url=https%3A%2F%2Forigin-researchcenter.paloaltonetworks.com%2Fblog%2F2014%2F04%2Fhealthcare-better-simpler-ehr-security-application-level-control%2F) [](https://www.linkedin.com/shareArticle?mini=true&url=https%3A%2F%2Forigin-researchcenter.paloaltonetworks.com%2Fblog%2F2014%2F04%2Fhealthcare-better-simpler-ehr-security-application-level-control%2F&title=Healthcare%3A+Better%2C+Simpler+EHR+Security+With+Application+Level+Control&summary=&source=) [](https://www.paloaltonetworks.com//www.reddit.com/submit?url=https://origin-researchcenter.paloaltonetworks.com/blog/2014/04/healthcare-better-simpler-ehr-security-application-level-control/&ts=markdown) \[\](mailto:?subject=Healthcare: Better, Simpler EHR Security With Application Level Control) Link copied By [Palo Alto Networks](https://www.paloaltonetworks.com/blog/author/palo-alto-networks-staff/?ts=markdown "Posts by Palo Alto Networks") Apr 28, 2014 3 minutes [Healthcare](https://www.paloaltonetworks.com/blog/category/healthcare/?ts=markdown) [Vertical](https://www.paloaltonetworks.com/blog/category/vertical/?ts=markdown) [App\_ID](https://www.paloaltonetworks.com/blog/tag/app_id/?ts=markdown) [Compliance](https://www.paloaltonetworks.com/blog/tag/compliance/?ts=markdown) [EHR](https://www.paloaltonetworks.com/blog/tag/ehr/?ts=markdown) [healthcare](https://www.paloaltonetworks.com/blog/tag/healthcare-2/?ts=markdown) During our [recent Ignite conference](https://www.paloaltonetworks.com/blog/2014/04/watch-ignite-2014-presentations/), we discussed security challenges specific to healthcare with customers who've used our technology for several years, as well as organizations who are in the process of re-evaluating how to approach security in light of the digital revolution that's taking place in the healthcare market. In the healthcare environment you need to strengthen security, facilitate compliance with regulations such as HIPAA, and regain control of your network infrastructure resources. Below are three best practices that I wanted to share because all three make the case for [application level visibility and control](https://www.paloaltonetworks.com/products/technologies/app-id.html). **(1)** **Application level control is better than port-based control** EHR systems transport and store Patient Healthcare Information (PHI), which is highly regulated -- privacy of data and security is paramount for such deployments. While data is encrypted in most EHRs, it's not unusual for healthcare application vendors to request that an unusually high number of ports be open for their application to function properly. This leaves too many opportunities for malicious traffic to intrude into your network. The only way to remediate such exposure is to deploy application level control as provided by our next-generation firewall. **(2) Network segmentation based on applications better isolates PHI data and facilitates compliance** The list of applications, protocols and systems that are legitimate in a PHI environment should be well defined. By enforcing access at the application level you can more easily streamline your security: block everything but the few applications and systems allowed into the PHI environment. Our next-generation firewall also allows you to apply policies based on users and content/payload providing the most granular level of control available on the market today. User and application level visibility also happens to match the granularity needed by compliance audits, which makes the whole audit process a lot simpler. **(3)** **Application level visibility improves quality of service and minimizes illegitimate traffic** Many healthcare facilities experience high bandwidth consumption (up to 40% of all traffic) from consumer applications such as online video and gaming that are brought into their facilities by staff and patients. Application-level visibility is the first step to understanding which applications clog your network and how you can work with your administration and HR staff to enforce tighter policies and rein in the use of your network resources for purposes other than the business of healthcare. Healthcare has a unique set of security challenges, but you can directly apply the above arguments to any other sector with sensitive data such as organizations with credit card environments subject to the PCI DSS compliance. A recent survey [research from Verizon on PCI DSS compliance](http://www.verizonenterprise.com/pcireport/2014/) highlights the obsolescence of port-based control in favor of application level. Learn more about [Palo Alto Networks solutions for healthcare](https://www.paloaltonetworks.com/solutions/industry/healthcare.html). *** ** * ** *** ## Related Blogs ### [Healthcare](https://www.paloaltonetworks.com/blog/category/healthcare/?ts=markdown), [Partners](https://www.paloaltonetworks.com/blog/category/partners/?ts=markdown), [Use-Cases](https://www.paloaltonetworks.com/blog/sase/category/use-cases/?ts=markdown) [#### How Zero Trust Accelerates a More Secure Infrastructure for Healthcare](https://origin-researchcenter.paloaltonetworks.com/blog/sase/how-zero-trust-accelerates-a-more-secure-infrastructure-for-healthcare/) ### [CSO Perspective](https://www.paloaltonetworks.com/blog/category/cso-perspective/?ts=markdown), [Healthcare](https://www.paloaltonetworks.com/blog/category/healthcare/?ts=markdown), [Secure the Cloud](https://www.paloaltonetworks.com/blog/category/secure-the-cloud/?ts=markdown) [#### Healthcare Hot Seat: 3 Things to Remember About Cloud Compliance](https://origin-researchcenter.paloaltonetworks.com/blog/2019/02/healthcare-hot-seat-3-things-remember-cloud-compliance/) ### [Must-Read Articles](https://www.paloaltonetworks.com/blog/security-operations/category/must-read-articles/?ts=markdown), [Product Features](https://www.paloaltonetworks.com/blog/security-operations/category/product-features/?ts=markdown) [#### Why Integrated File Integrity Monitoring Matters for Elevating Your Security](https://origin-researchcenter.paloaltonetworks.com/blog/security-operations/why-integrated-file-integrity-monitoring-matters-for-elevating-your-security/) ### [Healthcare](https://www.paloaltonetworks.com/blog/category/healthcare/?ts=markdown), [Partners](https://www.paloaltonetworks.com/blog/category/partners/?ts=markdown) [#### Curb Healthcare Costs --- Can Cybersecurity Platformization Help?](https://origin-researchcenter.paloaltonetworks.com/blog/2025/02/curb-healthcare-costs-can-cybersecurity-platformization-help/) ### [IoT](https://www.paloaltonetworks.com/blog/category/iot/?ts=markdown), [Partners](https://www.paloaltonetworks.com/blog/category/partners/?ts=markdown) [#### IoMT Security Is Critical as Patients Take Control of Own Healthcare](https://origin-researchcenter.paloaltonetworks.com/blog/2025/01/iomt-security-is-critical/) ### [Healthcare](https://www.paloaltonetworks.com/blog/category/healthcare/?ts=markdown), [Partners](https://www.paloaltonetworks.com/blog/category/partners/?ts=markdown) [#### 5 Trends Shaping Healthcare Cybersecurity in 2025](https://origin-researchcenter.paloaltonetworks.com/blog/2025/01/5-trends-shaping-healthcare-cybersecurity-in-2025/) ### Subscribe to the Blog! Sign up to receive must-read articles, Playbooks of the Week, new feature announcements, and more. ![spinner](https://origin-researchcenter.paloaltonetworks.com/blog/wp-content/themes/panwblog2023/dist/images/ajax-loader.gif) Sign up Please enter a valid email. By submitting this form, you agree to our [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown) and acknowledge our [Privacy Statement](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown). Please look for a confirmation email from us. If you don't receive it in the next 10 minutes, please check your spam folder. This site is protected by reCAPTCHA and the Google [Privacy Policy](https://policies.google.com/privacy) and [Terms of Service](https://policies.google.com/terms) apply. {#footer} {#footer} ## Products and Services * [AI-Powered Network Security Platform](https://www.paloaltonetworks.com/network-security?ts=markdown) * [Secure AI by Design](https://www.paloaltonetworks.com/precision-ai-security/secure-ai-by-design?ts=markdown) * [Prisma AIRS](https://www.paloaltonetworks.com/prisma/prisma-ai-runtime-security?ts=markdown) * [AI Access Security](https://www.paloaltonetworks.com/sase/ai-access-security?ts=markdown) * [Cloud Delivered Security Services](https://www.paloaltonetworks.com/network-security/security-subscriptions?ts=markdown) * [Advanced Threat Prevention](https://www.paloaltonetworks.com/network-security/advanced-threat-prevention?ts=markdown) * [Advanced URL Filtering](https://www.paloaltonetworks.com/network-security/advanced-url-filtering?ts=markdown) * [Advanced WildFire](https://www.paloaltonetworks.com/network-security/advanced-wildfire?ts=markdown) * [Advanced DNS Security](https://www.paloaltonetworks.com/network-security/advanced-dns-security?ts=markdown) * [Enterprise Data Loss Prevention](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown) * [Enterprise IoT Security](https://www.paloaltonetworks.com/network-security/enterprise-device-security?ts=markdown) * [Medical IoT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown) * [Industrial OT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown) * [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown) * [Next-Generation Firewalls](https://www.paloaltonetworks.com/network-security/next-generation-firewall?ts=markdown) * [Hardware Firewalls](https://www.paloaltonetworks.com/network-security/hardware-firewall-innovations?ts=markdown) * [Software Firewalls](https://www.paloaltonetworks.com/network-security/software-firewalls?ts=markdown) * [Strata Cloud Manager](https://www.paloaltonetworks.com/network-security/strata-cloud-manager?ts=markdown) * [SD-WAN for NGFW](https://www.paloaltonetworks.com/network-security/sd-wan-subscription?ts=markdown) * [PAN-OS](https://www.paloaltonetworks.com/network-security/pan-os?ts=markdown) * [Panorama](https://www.paloaltonetworks.com/network-security/panorama?ts=markdown) * [Secure Access Service Edge](https://www.paloaltonetworks.com/sase?ts=markdown) * [Prisma SASE](https://www.paloaltonetworks.com/sase?ts=markdown) * [Application Acceleration](https://www.paloaltonetworks.com/sase/app-acceleration?ts=markdown) * [Autonomous Digital Experience Management](https://www.paloaltonetworks.com/sase/adem?ts=markdown) * [Enterprise DLP](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown) * [Prisma Access](https://www.paloaltonetworks.com/sase/access?ts=markdown) * [Prisma Browser](https://www.paloaltonetworks.com/sase/prisma-browser?ts=markdown) * [Prisma SD-WAN](https://www.paloaltonetworks.com/sase/sd-wan?ts=markdown) * [Remote Browser Isolation](https://www.paloaltonetworks.com/sase/remote-browser-isolation?ts=markdown) * [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown) * [AI-Driven Security Operations Platform](https://www.paloaltonetworks.com/cortex?ts=markdown) * [Cloud Security](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown) * [Cortex Cloud](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown) * [Application Security](https://www.paloaltonetworks.com/cortex/cloud/application-security?ts=markdown) * [Cloud Posture Security](https://www.paloaltonetworks.com/cortex/cloud/cloud-posture-security?ts=markdown) * [Cloud Runtime Security](https://www.paloaltonetworks.com/cortex/cloud/runtime-security?ts=markdown) * [Prisma Cloud](https://www.paloaltonetworks.com/prisma/cloud?ts=markdown) * [AI-Driven SOC](https://www.paloaltonetworks.com/cortex?ts=markdown) * [Cortex XSIAM](https://www.paloaltonetworks.com/cortex/cortex-xsiam?ts=markdown) * [Cortex XDR](https://www.paloaltonetworks.com/cortex/cortex-xdr?ts=markdown) * [Cortex XSOAR](https://www.paloaltonetworks.com/cortex/cortex-xsoar?ts=markdown) * [Cortex Xpanse](https://www.paloaltonetworks.com/cortex/cortex-xpanse?ts=markdown) * [Unit 42 Managed Detection \& Response](https://www.paloaltonetworks.com/cortex/managed-detection-and-response?ts=markdown) * [Managed XSIAM](https://www.paloaltonetworks.com/cortex/managed-xsiam?ts=markdown) * [Threat Intel and Incident Response Services](https://www.paloaltonetworks.com/unit42?ts=markdown) * [Proactive Assessments](https://www.paloaltonetworks.com/unit42/assess?ts=markdown) * [Incident Response](https://www.paloaltonetworks.com/unit42/respond?ts=markdown) * [Transform Your Security Strategy](https://www.paloaltonetworks.com/unit42/transform?ts=markdown) * [Discover Threat Intelligence](https://www.paloaltonetworks.com/unit42/threat-intelligence-partners?ts=markdown) ## Company * [About Us](https://www.paloaltonetworks.com/about-us?ts=markdown) * [Careers](https://jobs.paloaltonetworks.com/en/) * [Contact Us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown) * [Corporate Responsibility](https://www.paloaltonetworks.com/about-us/corporate-responsibility?ts=markdown) * [Customers](https://www.paloaltonetworks.com/customers?ts=markdown) * [Investor Relations](https://investors.paloaltonetworks.com/) * [Location](https://www.paloaltonetworks.com/about-us/locations?ts=markdown) * [Newsroom](https://www.paloaltonetworks.com/company/newsroom?ts=markdown) ## Popular Links * [Blog](https://www.paloaltonetworks.com/blog/?ts=markdown) * [Communities](https://www.paloaltonetworks.com/communities?ts=markdown) * [Content Library](https://www.paloaltonetworks.com/resources?ts=markdown) * [Cyberpedia](https://www.paloaltonetworks.com/cyberpedia?ts=markdown) * [Event Center](https://events.paloaltonetworks.com/) * [Manage Email Preferences](https://start.paloaltonetworks.com/preference-center) * [Products A-Z](https://www.paloaltonetworks.com/products/products-a-z?ts=markdown) * [Product Certifications](https://www.paloaltonetworks.com/legal-notices/trust-center/compliance?ts=markdown) * [Report a Vulnerability](https://www.paloaltonetworks.com/security-disclosure?ts=markdown) * [Sitemap](https://www.paloaltonetworks.com/sitemap?ts=markdown) * [Tech Docs](https://docs.paloaltonetworks.com/) * [Unit 42](https://unit42.paloaltonetworks.com/) * [Do Not Sell or Share My Personal Information](https://panwedd.exterro.net/portal/dsar.htm?target=panwedd) ![PAN logo](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/pan-logo-dark.svg) * [Privacy](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown) * [Trust Center](https://www.paloaltonetworks.com/legal-notices/trust-center?ts=markdown) * [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown) * [Documents](https://www.paloaltonetworks.com/legal?ts=markdown) Copyright © 2026 Palo Alto Networks. All Rights Reserved * [![Youtube](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/youtube-black.svg)](https://www.youtube.com/user/paloaltonetworks) * [![Podcast](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/icons/podcast.svg)](https://www.paloaltonetworks.com/podcasts/threat-vector?ts=markdown) * [![Facebook](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/facebook-black.svg)](https://www.facebook.com/PaloAltoNetworks/) * [![LinkedIn](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/linkedin-black.svg)](https://www.linkedin.com/company/palo-alto-networks) * [![Twitter](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/twitter-x-black.svg)](https://twitter.com/PaloAltoNtwks) * EN Select your language