Background
The Stillwater Medical Center is a non-profit acute care general hospital in north central Oklahoma and has been selected 3 years in a row as one of Modern Healthcare’s Top 100 Best Places to Work in Healthcare. The 119-bed hospital is a regional health center for the area, providing a full range of services for its patients. Located in Stillwater, Oklahoma, the Medical Center’s systems and information technology staff report to the Chief Information Officer and include 12 systems analysts and 8 technical support analysts. Stillwater uses an on-premises Microsoft Exchange email server managed by its in-house IT group.
Challenges
Stillwater Medical had been a longtime customer of the DataMotion secure mailbox solution. Before switching to the secure mailbox, users and recipients often had to exchange certificates, which made email encryption difficult and cumbersome, or IT staff would create password-protected, self-decrypting executable files for users to send as email attachments. Secure email gave selected employees the ability to encrypt email messages containing PHI on an as-needed basis. It was very easy to use, and IT staff no longer needed to create executable files to enable the secure transmission of PHI.
However, with HITECH giving HIPAA regulations more ‘teeth’ (including OCR audits), the hospital wanted to expand its usage to automatically monitor all of its outbound email for PHI. A risk analysis showed that installing a DLP (Data Loss Prevention) system would be a cost-effective solution.
Complying with HIPAA/HITECH for PHI
Ensure compliance with the Health Insurance Portability and Accountability Act (HIPAA) and the Health Information Technology for Economic and Clinical Health (HITECH) Act
Preventing False Positives
Reduce the risk of false positives (unnecessary encryption)
Overcoming Inefficient Encryption Methods
Automatically monitor all employees’ email communications for PHI (Protected Health Information) and encrypt as needed
Certificate-Free Exchange
Eliminate the need to exchange certificates
Simple Implementation
Be simple to implement and administer with no need for recipient software
User-Friendly Interface Design
Be intuitive to use for recipients and users
DataMotion Secure Email Content Filter
Stillwater decided to expand its use of DataMotion solutions across the organization by implementing Secure Email Content Filter as a DLP system.
In addition to manually encrypting selected messages, our Content Filter automatically identifies emails with PHI and encrypts them. A layer of automated filtering prevents human error from resulting in sensitive data leaks.
Optimized IT Resource Use
Automatic Detection
Customizable Email Protection
IT staff can customize Content Filter’s coverage with powerful rule sets based on internal policies. Custom rules allow IT to prevent false positives that lead to unnecessary encryptions, like when basic financial information matches patient data.
Automated Feedback
Secure Contact Solutions
No Unnecessary Encryption
More Employee Confidence
Stillwater’s Journey to Security and Compliance
Challenges
Stillwater Medical Center faced several challenges related to HIPAA/HITECH compliance, false positives, and workflow efficiency when exchanging data containing PHI and other sensitive information. Our secure mailbox solution streamlined encryption, but Stillwater was still at risk of non-compliance.
Assessment
Our risk assessment determined that, in addition to manually encrypting emails, Stillwater staff needed a layer of automatic scanning and filtering to make exchanging sensitive information easier and prevent human error from risking further non-compliance. A Data Loss Prevention (DLP) system would help fortify security and ensure compliance.
Planning
Stillwater decided to implement DataMotion’s Secure Email Content Filter as a DLP system to address their compliance and security needs. Content Filter automatically identifies and encrypts emails containing sensitive information, reducing the risk of sensitive data leaks.
The hospital also decided to use our Secure Contact Us feature to facilitate secure communication with external organizations.
Implementation
Integration into Stillwater’s existing email system was seamless, smoothing the transition and helping the staff quickly adopt a more agile, automated workflow.
Results
Stillwater enjoys the encryption and compliance standards of larger hospitals using a fraction of the resources. Customizable rule sets allow IT to prevent false positives (unnecessary encryption), automated feedback expands security awareness, and Secure Contact Us extends Stillwater’s secure email environment to external organizations and individuals.
Results
- Greatly reduced PHI exposure from email communications
- Increased compliance with HIPAA/HITECH regulations
- Reduced false positives, increasing user confidence and satisfaction
- Security enforcement is now measurable
- Significantly reduced IT resources needed for outbound email security administration
“Our client didn’t want to stand up another interface and we agreed; it would add complexity, was cost prohibitive and would be disruptive for both plan members and service reps… There were other tools that could have fit, and we did give them a hard look, but DataMotion had stronger, more flexible technology, a pricing advantage and a proven track record with us.”