Case Studies Stillwater Medical Center

Stillwater Medical Center

DataMotion utilizes the DataMotion secure email content filter to automatically protect healthcare communications and increase compliance with HIPAA/HITECH regulations for Stillwater Medical Center.

Email Encryption
Healthcare

Background

The Stillwater Medical Center is a non-profit accute care general hospital in north central Oklahoma and has been selected 3 years in a row as one of Modern Healthcare’s Top 100 Best Places to Work in Healthcare. The 119 bed hospital is a regional health center for the area, providing a full range of services for its patients. Located in Stillwater, Oklahoma, the Medical Center’s systems and information technology staff report to the Chief Information Officer and include 12 systems analysts and 8 technical support analysts. Stillwater uses a Microsoft Exchange on-premise email server managed by their in-house IT group.

 

Challenges

Stillwater Medical had been a long time customer of the DataMotion secure mailbox solution. Prior to switching to the secure mailbox, users and recipients often had to exchange certificates making email encryption difficult and cumbersome or IT staff would create password-protected, self-decrypting executable files for users to send as email attachments. Secure email gave selected employees the ability to choose to encrypt certain email messages containing PHI on an as-needed basis and was very easy to use and IT staff no longer needed to create executable files to enable the secure transmission of PHI.

 

However, with HITECH giving HIPAA regulations more ‘teeth’ (including OCR audits) the hospital wanted to expand their usage to automatically monitor all of their outbound email for PHI. A risk analysis showed that installing a DLP (Data Loss Prevention) system would be a cost-effective solution.

The Solution

DataMotion Secure Email Content Filter

Stillwater decided to expand its use of DataMotion solutions across the organization by implementing Secure Email Content Filter as a DLP system.

In addition to manually encrypting selected messages, our Content Filter automatically identifies emails with PHI and encrypts them. A layer of automated filtering prevents human error from resulting in sensitive data leaks.

Optimized IT Resource Use

Using less resources, Stillwater has the same security standards as larger hospitals.

Automatic Detection

Secure Email Content Filter automatically scans emails for PHI and other sensitive information, encrypting them when needed.

Customizable Email Protection

IT staff can customize Content Filter’s coverage with powerful rule sets based on internal policies. Custom rules allow IT to prevent false positives that lead to unnecessary encryptions, like when basic financial information matches patient data.

Automated Feedback

Stillwater decided to expand its use of DataMotion solutions across the organization by implementing Secure Email Content Filter as a DLP system. In addition to manually encrypting selected messages, our Content Filter automatically identifies emails with PHI and encrypts them. A layer of automated filtering prevents human error from resulting in sensitive data leaks.

Expanded Security and Compliance

Secure Contact Solutions

IT staff can customize Content Filter’s coverage with powerful rule sets based
on internal policies. Custom rules allow IT to prevent false positives that lead to unnecessary encryptions, like when basic financial information matches
patient data.

No Unnecessary Encryption 

Stillwater now communicates more efficiently by encrypting only selected data.

More Employee Confidence

Employees are now much more confident that sensitive emails are protected.
How We Improve Stillwater Medical Center’s Efficiency

Stillwater’s Journey to Security and Compliance

Challenges

Stillwater Medical Center faced several challenges related to HIPAA/HITECH compliance, false positives, and workflow efficiency when exchanging data containing PHI and other sensitive information. Our secure mailbox solution streamlined encryption, but Stillwater was still at risk of non-compliance.

Assessment

Our risk assessment determined that, in addition to manually encrypting emails, Stillwater staff needed a layer of automatic scanning and filtering to make exchanging sensitive information easier and prevent human error from risking further non-compliance. A Data Loss Prevention (DLP) system would help fortify security and ensure compliance.

Planning

Stillwater decided to implement DataMotion’s Secure Email Content Filter as a DLP system to address their compliance and security needs. Content Filter automatically identifies and encrypts emails containing sensitive information, reducing the risk of sensitive data leaks.
The hospital also decided to use our Secure Contact Us feature to facilitate secure communication with external organizations.

Implementation

Integration into Stillwater’s existing email system was seamless, smoothing the transition and helping the staff quickly adopt a more agile, automated workflow.

Results

Stillwater enjoys the encryption and compliance standards of larger hospitals using a fraction of the resources. Customizable rule sets allow IT to prevent false positives (unnecessary encryption), automated feedback expands security awareness, and Secure Contact Us extends Stillwater’s secure email environment to external organizations and individuals.

Results

  • Greatly reduced PHI exposure from email communications
  • Increased compliance with HIPAA/HITECH regulations
  • Reduced false positives, increasing user confidence and satisfaction
  • Security enforcement is now measurable.
  • Significantly reduced IT resources needed for outbound email security administration
Data graphics and buildings

“Our client didn’t want to stand up another interface and we agreed; it would add complexity, was cost prohibitive and would be disruptive for both plan members and service reps… There were other tools that could have fit, and we did give them a hard look, but DataMotion had stronger, more flexible technology, a pricing advantage and a proven track record with us.”

Empty Headshot
Vice President of Security and Infrastructure Health Insurance Technology Startup

This Use Case might also interest you

Secure Your Confidential Data. Ensure Compliance.

Contact us to learn more about how our solutions can help your organization achieve its data security and compliance goals.