HIPAA-Compliant Secure Information Exchange for Salesforce
Customer Service Representatives (CSRs) and other CRM users often use the email functionality built into Salesforce for external communications. This activity may involve exchanging sensitive information that qualifies as personally identifiable information (PII) or protected health information (PHI) protected by HIPAA privacy and security regulations.
HIPAA-compliant secure information exchange for Salesforce users is best addressed by integrating a secure messaging solution such as DataMotion SecureMail that guarantees encrypted exchange with both mobile and non-mobile interfaces. Content filtering and related features such as Data Loss Protection (DLP) and de-identification can also be provided using the DataMotion SecureMail Gateway.
Each side of the integration can be done in one of two ways, as shown in the use cases below:
- Integration into Salesforce can be provided via the Salesforce UI, or via an application written to the Salesforce SDK.
- Integration with SecureMail can be provided via the DataMotion SecureMail web portal UI, or via an application written to the DataMotion Web Services APIs.
Use Case 1: Securely sending information out of Salesforce
An employee of a health insurance company that uses Salesforce as its CRM needs to send a document to a subscriber. The document contains sensitive health information that is normally communicated to the subscriber by direct phone call for privacy reasons. These phone calls can be time-consuming and slow the rate at which the employee’s daily tasks can be accomplished.
In this example, integration with Salesforce and SecureMail is accomplished via the respective web portals of both services. The DataMotion SecureMail Gateway (server software) shown in the diagram performs the role of a content filter that inspects the content of outgoing messages and determines if they need to be sent securely or if any of the data inside the messages needs to be de-identified. All outgoing messages are routed through the SecureMail Gateway, which is deployed in a private or public cloud as virtualized server software.
When the employee (CSR) sends a secure message via the Salesforce web portal (step 1), SecureMail checks whether the intended recipient of the message accepts TLS delivery. If the recipient does accept TLS, the message sent by the CSR arrives in the recipient’s inbox protected via TLS encryption (step 2). If TLS delivery is not an option, the message is routed for encryption on the DataMotion SecureMail platform (step 3) and the recipient receives a notification email with a link to the DataMotion SecureMail web portal (step 4), where they can securely retrieve the message with a simple login (steps 5 and 6).
Use Case 1 requires the least amount of customization of both Salesforce and DataMotion SecureMail.
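The TLS check that drives the routing in Use Case 1, as an added example that is not DataMotion or Salesforce code: it assumes the check is made by looking for the STARTTLS extension in the recipient mail server's EHLO reply, which the page does not specify. The function names, route labels and sample replies are constructed for illustration.

```python
from typing import Set

# Constructed sample EHLO replies (not captured from any real server).
WITH_TLS = "250-mx.example.net Hello\r\n250-SIZE 35882577\r\n250-8BITMIME\r\n250 STARTTLS\r\n"
# The greeting line mentions STARTTLS in free text but no extension line offers it.
NO_TLS = "250-mx.example.org greets STARTTLS fans\r\n250-SIZE 1000\r\n250 HELP\r\n"
REJECT = "554 no SMTP service here\r\n"


def ehlo_extensions(reply: str) -> Set[str]:
    """Return the upper-cased extension keywords from an SMTP EHLO reply."""
    lines = [ln for ln in reply.splitlines() if ln.strip()]
    exts: Set[str] = set()
    for i, line in enumerate(lines):
        # Each line is "250-text" (continuation) or "250 text" (last line).
        if len(line) < 4 or line[:3] != "250" or line[3] not in "- ":
            return set()  # error or malformed reply: treat as no extensions
        if i == 0:
            continue  # first line is the server greeting, not an extension
        fields = line[4:].split()
        if fields:
            exts.add(fields[0].upper())  # keywords are case-insensitive
    return exts


def choose_route(reply: str) -> str:
    """Assumed decision: 'tls' = step 2 (direct TLS delivery),
    'portal' = steps 3-6 (encrypt on the platform, notify, web pickup)."""
    return "tls" if "STARTTLS" in ehlo_extensions(reply) else "portal"


if __name__ == "__main__":
    for name, reply in [("with_tls", WITH_TLS), ("no_tls", NO_TLS), ("reject", REJECT)]:
        print(name, "->", choose_route(reply))
```

An advertised STARTTLS keyword only shows that the server offers TLS. A delivery path meant to protect PHI should also complete the handshake and validate the server certificate before treating the message as delivered securely.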
Use Case 2: Email-to-case from a mobile app into Salesforce UI
An insurance company subscriber is on the road and needs to make a quick request regarding a recent claim. The subscriber only has access to a smartphone at the time.
In the use case illustrated in Fig. 2, the subscriber initiates an email-to-case transaction with an insurance company CSR from the insurer's mobile app (step 1). Driven by DataMotion Web Services APIs, the message is delivered securely via the DataMotion Platform into Salesforce (step 2), where the CSR replies to it with the Salesforce Thread ID embedded in the message (step 3). The reply is then delivered securely to the customer’s mobile device via the DataMotion platform (step 4). In all subsequent correspondence, the Thread ID is preserved inside the message so Salesforce can track it.
In Use Case 2, integration with Salesforce is accomplished via its web portal UI because it provides all the required functionality. For the subscriber to use the insurer's mobile app to exchange claim information securely, integration with SecureMail is accomplished via the DataMotion Web Services API. Because that connection is encrypted, there is no concern about TLS delivery into the customer’s mailbox.
Use Case 3: Email-to-case from a mobile app into Salesforce app
This use case is similar to the one described above, except that the insurance CSR is provided with a custom application developed to the Salesforce SDK due to specific requirements that cannot be addressed by the Salesforce UI.
The sequence of steps for this use case is similar to the one described in Fig. 2, except that the Salesforce integration is handled by the application developed to the Salesforce SDK to satisfy the CSR workflow and client requirements.