HIPAA Compliance & Data Loss Prevention – Automatic for the People!
This blog has nothing to do with R.E.M.’s album, except that ‘Automatic for the People’ seemed like a perfect title for it. If you were drawn in by that obscure reference because you too are an R.E.M. fan – great! You can listen at the link above while you read the blog!
We just published a terrific success story from Stillwater Medical Center, which highlights the value of implementing an email policy gateway as part of an overall HIPAA data loss prevention policy. Often we hear that encryption and security policies that depend on staff cooperation are circumvented for various reasons – sometimes its expediency, sometimes it’s just human error. In our annual survey, 73% of healthcare providers responding believe that security policies are either not well understood, circumvented or otherwise not being followed – ouch!
The CIO at Stillwater was pained about this issue too – and engaged DataMotion to help him address it. The solution was to combine our SecureMail Gateway and SecureMail Desktop solutions to give Stillwater a manual and automatic email encryption process to help ensure HIPAA email compliance and data loss prevention for the medical center – with great success!
Automatically encrypting email requires policies and rule sets to be established in the gateway. The automated process scans every email and attachment for content that matches the rule sets. Matches are sent to the SecureMail service for encryption (as well as advising the sender). While our SecureMail Gateway comes with predefined rule sets for HIPAA and other regulations – organizations often need to fine tune the rules to fit their operations, and reduce ‘false positives’ that can force encryption unnecessarily.
One of the unique capabilities of the SecureMail Gateway is the ability to do exact matching, and for the IT staff to make their own templates for data matching as needed. It’s fine tuning that makes the solution work best – and it’s something that the Stillwater team found both easy to do, and really valuable for the HIPAA compliance application.
And now – effective data loss prevention via email encryption is ‘automatic for the people’ at Stillwater Medical Center. Michael Stipe and his fellow R.E.M.ers would approve I think.