HIPAA-Compliant Secure Information Exchange for Salesforce

Customer Service Representatives (CSRs) and other CRM users often use the email functionality built into Salesforce for external communications. This activity may involve exchanging sensitive information that qualifies as personally identifiable information (PII) or as protected health information (PHI) covered by HIPAA privacy and security regulations.

Solution

HIPAA-compliant secure information exchange for Salesforce users is best addressed by integrating a secure messaging solution such as DataMotion SecureMail that guarantees encrypted exchange with both mobile and non-mobile interfaces. Content filtering and related features such as Data Loss Protection (DLP) and de-identification can also be provided using the DataMotion SecureMail Gateway.

Integration Methods

There are two integration methods as shown in the use cases below:

  • Integration into Salesforce can be provided via the Salesforce UI, or via an application written to the Salesforce SDK.
  • Integration with SecureMail can be provided via the DataMotion SecureMail web portal UI, or via an application written to the DataMotion Web Services APIs.

Use Case 1: Securely sending information out of Salesforce

An employee of a health insurance company that uses Salesforce as its CRM needs to send a document to a subscriber. The document contains sensitive health information that is normally communicated via direct phone call to the subscriber for privacy reasons. These phone calls can be time-consuming and slow the rate at which the employee's daily tasks can be accomplished.

Fig. 1. Sending sensitive information from Salesforce via SecureMail


In this example, integration with Salesforce and SecureMail is accomplished via the respective web portals of both services. The DataMotion SecureMail Gateway (server software) shown in the diagram performs the role of a content filter that inspects the content of outgoing messages and determines if they need to be sent securely or if any of the data inside the messages needs to be de-identified. All outgoing messages are routed through the SecureMail Gateway, which is deployed in a private or public cloud as virtualized server software.

When the employee (CSR) sends a secure message via the Salesforce web portal (step 1), SecureMail checks whether the intended recipient of the message accepts TLS delivery. If the recipient does accept TLS, the message sent by the CSR arrives in the recipient's inbox protected via TLS encryption (step 2). If TLS delivery is not an option, the message is routed for encryption on the DataMotion SecureMail platform (step 3) and the recipient receives a notification email with a link to the DataMotion SecureMail web portal (step 4), where they can securely retrieve the message with a simple login (steps 5 and 6).
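The delivery decision in steps 1 to 4, as an added sketch that is not DataMotion's code: it assumes "accepts TLS delivery" means the recipient's mail server advertises STARTTLS in its EHLO reply and the handshake then succeeds. The function names, route labels and sample replies are constructed for illustration.

```python
from dataclasses import dataclass

# Constructed sample EHLO replies (not captured from any real server).
EHLO_WITH_TLS = (
    "250-mx.example.test Hello\r\n"
    "250-SIZE 35882577\r\n"
    "250-STARTTLS\r\n"
    "250 8BITMIME\r\n"
)
EHLO_NO_TLS = (
    "250-mx.legacy.test Hello\r\n"
    "250-SIZE 10240000\r\n"
    "250 HELP\r\n"
)

def ehlo_extensions(reply: str) -> set[str]:
    """Return the upper-cased extension keywords from a multi-line 250 reply."""
    keywords = set()
    lines = [ln for ln in reply.splitlines() if ln.strip()]
    for line in lines[1:]:  # the first line is the greeting, not an extension
        if len(line) < 4 or not line.startswith("250") or line[3] not in "- ":
            continue  # ignore anything that is not a 250 continuation/final line
        parts = line[4:].split()
        if parts:
            keywords.add(parts[0].upper())
    return keywords

@dataclass
class Route:
    path: str    # "tls" (step 2) or "portal_pickup" (steps 3 to 6)
    reason: str

def choose_route(ehlo_reply: str, handshake_ok: bool) -> Route:
    """Pick the delivery path; anything short of a working TLS session
    falls back to encrypted portal pickup, never to cleartext SMTP."""
    if "STARTTLS" not in ehlo_extensions(ehlo_reply):
        return Route("portal_pickup", "recipient server does not advertise STARTTLS")
    if not handshake_ok:
        # Advertised but unusable (expired certificate, protocol mismatch, ...).
        return Route("portal_pickup", "TLS handshake failed")
    return Route("tls", "STARTTLS advertised and handshake succeeded")
```

The point to verify in any such deployment is the fallback: a missing or failed STARTTLS must route to portal pickup rather than downgrade to unencrypted delivery.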

Use Case 1 requires the least amount of customization of both Salesforce and DataMotion SecureMail.

Use Case 2: Email-to-case from a mobile app into Salesforce UI

An insurance company subscriber is on the road and needs to make a quick request regarding a recent claim. The subscriber only has access to a smartphone at the time.

Fig. 2. Salesforce email-to-case integration with a mobile app using SecureMail APIs

In the use case illustrated in Fig. 2, the subscriber initiates an email-to-case transaction with an insurance company CSR from the insurer's mobile app (step 1). Driven by DataMotion Web Services APIs, the message is delivered securely via the DataMotion Platform into Salesforce (step 2), where the CSR replies to it with the Salesforce Thread ID embedded in the message (step 3). The reply is then delivered securely to the customer's mobile device via the DataMotion platform (step 4). In all subsequent correspondence, the Thread ID is preserved inside the message so Salesforce can track it.

In Use Case 2, integration with Salesforce is accomplished via its web portal UI because it provides all the required functionality. For the subscriber to use the insurer's mobile app to exchange claim information securely, integration with SecureMail is accomplished via the DataMotion Web Services API. Because that is an encrypted connection, there is no concern about TLS delivery into the customer's mailbox.

Use Case 3: Email-to-case from a mobile app into Salesforce app

This use case is similar to the one described above, except that the insurance CSR is provided with a custom application developed to the Salesforce SDK due to specific requirements that cannot be addressed by the Salesforce UI.

Fig. 3. Salesforce email-to-case integration with a mobile app using SecureMail APIs and Salesforce SDK


The sequence of steps for this use case is similar to the one described in Fig. 2, except that the Salesforce integration is handled by the application developed to the Salesforce SDK to satisfy the CSR workflow and client requirements.

 
