Healthcare Regulatory Compliance and Privacy Security
Healthcare privacy compliance regulations are becoming stricter and covering more organizations than ever before. In the United States, the regulations now cover not only healthcare organizations but also their business partners, such as auditing and accounting firms. Regulations such as HIPAA/HITECH continue to evolve, with audits becoming more frequent and fines continuing to increase. The movement towards stricter healthcare privacy regulation is occurring all over the world as well, such as FIPPA privacy regulatory compliance affecting healthcare organizations in Canada.
Proofpoint Enterprise Privacy helps healthcare organizations comply with healthcare and privacy regulations by ensuring that email carrying patient information is always secured: it is either blocked from leaving the healthcare organization or, where the healthcare information needs to be shared, encrypted before it leaves the organization. Proofpoint Enterprise Privacy can be deployed either on-premise, with physical or completely virtualized appliances, or as a SaaS solution with no change in functionality. Healthcare organizations can maintain compliance with increasingly strict healthcare privacy regulations while reducing costs by moving infrastructure into the cloud.
- HIPAA / HITECH Email Compliance (US): With Proofpoint Enterprise Privacy, ensure that your email systems comply with HIPAA and HITECH requirements. Emails that contain electronic Protected Health Information (ePHI) are automatically secured with Proofpoint Encryption.
- FIPPA Email Compliance (Canada): Comply with FIPPA privacy regulatory compliance requirements by automatically detecting and protecting personal information within emails.
- Email Encryption: Proofpoint Encryption provides easy-to-use email encryption, backed by a strong policy engine that ensures all sensitive healthcare content is protected before it leaves the organization. All encrypted messages are branded to your healthcare organization's compliance requirements. Recipients of Proofpoint encrypted emails follow extremely simple steps to authenticate and access their messages. No pre-registration or exchange of encryption keys is required to use Proofpoint Encryption; ad-hoc email encryption is fully supported.
- Smart Identifiers: Proofpoint’s Smart Identifier technology dramatically reduces the number of false positives. Depending on the specific Smart Identifier, a variety of checks are performed, increasing the accuracy of the detection. For example, the Smart Identifier for credit card numbers performs the Luhn algorithm check, which validates the checksum. This prevents any random 16-digit number from being flagged as a credit card number. Custom Smart Identifiers can easily be added as well, such as a Smart Identifier to detect medical record numbers.
- Managed Medical Dictionaries: Proofpoint Enterprise Privacy contains several managed medical dictionaries, such as the International Statistical Classification of Diseases and Health Related Problems, 9th Revision (ICD-9) and the updated Revision 10 (ICD-10). As these codes are updated and released by the World Health Organization and subsequently adopted by the US Department of Health and Human Services, Proofpoint Enterprise Privacy will provide those updates directly to our customer systems. Customers may import dictionaries for use as well.
- Accurate Detection of ePHI: Accurate identification of ePHI is done utilizing a combination of Smart Identifiers along with the Managed Medical Dictionaries. Since the presence alone of a patient’s healthcare record number does not constitute ePHI, the ability to associate the presence of a healthcare record number along with, for example, a medical procedure – matching the definition of ePHI – is critical in accurate detection.
- Flexible Policy Management: Granular healthcare privacy policies can be set, allowing specific sets of users to send and receive ePHI via secure encryption with Proofpoint Encryption, yet prevent other groups from sending ePHI altogether.
- Regulatory Compliance Dashboard: Healthcare regulatory compliance officers have a dashboard view of their healthcare organization. Incidents that require review are highlighted, with one-click drill-down access to each specific incident that may require intervention or remediation. Reports summarize the number of encrypted messages that have been sent and the type of content that triggered the encryption (Social Security Number, Credit Card Number, ePHI, etc.).
- Workflow: Detailed workflow tracking is available for each incident. Healthcare regulatory compliance reviewers can release messages by encrypting them or leave messages blocked within the quarantine. Severe violations can be escalated for further review. The status of each incident in review is then logged.
- Flexible Remediation: The vast majority of healthcare regulatory compliance issues come from inadvertent data loss. Proofpoint Smart Send is a feature that allows administrators to selectively allow sender-based remediation. For example, a hospital administrator may attach a spreadsheet containing information on multiple patients. Smart Send can temporarily stop this message, send a notification back to the sender alerting them of the content within the message, but then also provide direct remediation options within the notification email: the ability to block that message permanently, the ability to release that message, or to encrypt that message before sending. Smart Send can be enabled for the entire organization or for specific groups.
- Mobile Device Support: Proofpoint Enterprise Privacy fully supports the proliferation of various types of mobile devices within the healthcare workplace. Because it is a gateway, policy-based healthcare privacy solution, healthcare organizations can be assured that all emails leaving an organization are scanned, whether they originate from a desktop or a mobile device. Recipients of Proofpoint Encryption emails are also treated to a mobile-optimized experience. If recipients access their encrypted messages from a mobile device, optimized pages are displayed. No mobile-side client software is required, ensuring that all recipients have the best mobile experience regardless of whether the device is a Blackberry, iPhone, Android or Windows Mobile device.
- Best-in-class Threat Protection: Healthcare records are valued significantly more than any other type of private information today. Phishing attacks are on the rise, focused not just on end user account credentials but increasingly on using phishing emails as an entry vector to steal sensitive information from enterprise organizations, so a best-in-class threat protection system is critical to any data protection strategy. Proofpoint Enterprise Protection provides the best threat protection available against these external malicious threats today.
- Full Support for Cloud-based Email Systems (e.g., MS Office 365): Proofpoint Enterprise Privacy is available as a cloud-based solution and provides all the same rich functionality available as an on-premise solution. It also integrates seamlessly with any cloud-based email solution, such as Microsoft’s Office 365, ensuring healthcare regulatory compliance while leveraging the cost benefits of the cloud.
- Hospital-Insurance Communications: Hospitals and insurance companies are constantly exchanging healthcare information about healthcare patients and services rendered. Securing those communications ensures that ePHI is protected.
- Hospital-Lab Communications: Healthcare physicians communicate regularly with labs for patient tests. Ensure those communications are performed securely and keep ePHI encrypted.
- Doctor-Patient Communications: Increasingly, doctors are looking to communicate directly with their healthcare patients for better patient care. When those communications contain protected health information, it is critical that the organization provide easy-to-use email encryption to ensure compliance with healthcare regulations.
- Doctor-Doctor/Hospital-Hospital Communications: In a growing collaborative environment, healthcare providers are sharing more information across organizations to provide the best care possible to their healthcare patients. Securing communications while discussing specific patient care is critical to maintain healthcare regulatory compliance.
- 10+% of US Hospitals covered by Proofpoint
- 3 of the top 6 healthcare systems use Proofpoint
- Detection Accuracy of PHI: No other healthcare privacy solution on the market today provides the accurate detection of PHI like Proofpoint. This ensures that all PHI is encrypted but, just as importantly, that information which does not require encryption is not flagged for it.
- Easy-to-Use, Fully Integrated Encryption: Healthcare physicians are extremely busy professionals whose priority is not necessarily determining what constitutes PHI and encrypting those specific messages. An easy-to-use, policy-based encryption solution that accurately identifies messages for encryption ensures your healthcare organization maintains compliance with healthcare regulations without placing the burden on physicians.
- Mobile Support for Broad Range of Devices: Proofpoint healthcare privacy solutions are fully optimized for mobile device usage, from both the sender and recipient perspectives. With the best mobile experience available from any solution today, this is critical in healthcare environments which see the broadest range of mobile devices within the workplace of any industry today.
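
The detection logic described under Smart Identifiers and Accurate Detection of ePHI can be sketched as follows. This is an added example, not Proofpoint's implementation: the MRN format, the two-entry dictionary, the `encrypt`/`deliver` actions and the sample messages are all assumptions constructed for illustration.

```python
import re

# Constructed stand-in for a managed medical dictionary (two ICD-10 codes).
MEDICAL_CODES = {"E11.9": "type 2 diabetes mellitus", "I10": "essential hypertension"}
# Hypothetical medical record number format: "MRN" followed by 8 digits.
MRN_RE = re.compile(r"\bMRN[-: ]?(\d{8})\b")
# Candidate card numbers: 16 digits, optionally grouped by spaces or hyphens.
CARD_RE = re.compile(r"\b(?:\d[ -]?){15}\d\b")
ICD_RE = re.compile(r"\b[A-Z]\d{2}(?:\.\d{1,4})?\b")

def luhn_ok(digits: str) -> bool:
    """Luhn checksum: double every second digit from the right, sum, mod 10."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0

def classify(body: str) -> dict:
    """Return what was found in an outbound message and a hypothetical action."""
    cards = []
    for m in CARD_RE.finditer(body):
        digits = re.sub(r"\D", "", m.group())
        if luhn_ok(digits):  # a random 16-digit number is not flagged
            cards.append(digits)
    mrns = MRN_RE.findall(body)
    codes = [c for c in ICD_RE.findall(body) if c in MEDICAL_CODES]
    # A record number alone is not ePHI; require it together with a medical term.
    ephi = bool(mrns and codes)
    action = "encrypt" if (ephi or cards) else "deliver"
    return {"cards": cards, "mrns": mrns, "codes": codes, "ephi": ephi, "action": action}

# Constructed sample messages; 4111 1111 1111 1111 is a widely used test number.
SAMPLES = [
    "Patient MRN 12345678 follow-up for E11.9 scheduled Tuesday.",
    "Please update chart MRN 12345678 with the new phone number.",
    "Order ref 1234567890123456 shipped.",
    "Card on file: 4111 1111 1111 1111",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(classify(s)["action"], "<-", s)
```

The second and third samples show the two false-positive cases the list items call out: a record number with no associated medical term, and a 16-digit number that fails the checksum.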