BEW Global, an Information Asset Protection and Network Security solution provider, today announced that it has implemented security solutions to address HIPAA compliance concerns within The Portland Clinic and Longmont United Hospital.
The Health Insurance Portability and Accountability Act (HIPAA) requires healthcare providers to keep private and secure Protected Health Information (PHI) and outlines specific procedures and best practices for accomplishing this privacy. More and more of the information exchanged today within healthcare organizations is in the form of electronic communications, including emails, web mail, instant messaging, blogs and message boards. Two healthcare organizations – Longmont United Hospital and The Portland Clinic – recently took proactive measures by working with BEW Global to ensure sensitive and confidential information is not exposed through the course of daily business email communications.
“One area of concern for healthcare organizations is making sure unsecured PHI is not coming or going via various types of electronic communications,” said Robert Eggebrecht,Senior Partner of BEW Global. “We go into these healthcare organizations and perform Network Penetration tests and Exposure Assessments. Organizations like Longmont United and The Portland Clinic want to be proactive about being able to identify even the smallest amount of unprotected PHI coming into or leaving the organizations. We can recommend and implement the right solution to not only alert administrators to the problem, but to proactively and automatically secure the information found in the emails.”
The expertise of the more than 300 highly qualified physicians on staff, caring employees and the latest medical tools and technologies allow Longmont United Hospital to pro sophisticated services in an environment optimal to healing. Longmont United Hospital is committed to respecting the privacy of its patients and maintaining the confidentiality of their protected health information.
“One area of compliance and security we needed to make sure was addressed was that protected sensitive information was not found in incoming and outgoing emails,” said John Peterson, Director of Information Systems at Longmont United Hospital.
BEW Global first conducted a Network Penetration test and an Exposure Assessment for two weeks. During this phase, BEW Global monitored all incoming and outgoing email for PHI inclusion.
“They actually found little evidence of confidential medical information leakage, but we still thought there may be some. So we proactively decided to have BEW Global implement the HIPAA and Social Security modules of the Vericept product, which they had up and running for us in about a week,” said Peterson. “Now we receive a daily report which allows us to monitor not only internal employees’ outgoing emails, but also to monitor incoming emails from third parties and educate anyone who is inadvertently sending us sensitive information. The reports also serve as evidence we are monitoring for HIPAA compliance.
The Portland Clinic is Oregon´s oldest, private, multi-specialty medical group serving the communities of Portland, Beaverton, Aloha, Hillsboro, Lake Oswego, Tigard, Tualatin, and Wilsonville. It too is dedicated to protecting its patients’ health information and has undergone employee training to fortify its HIPAA policies.
“HIPAA compliance is an ongoing education process with end users, said Bob Morgan, Network Administrator of The Portland Clinic. “It is a very small percentage of private information that ends up in outgoing or incoming emails accidentally. We wanted to be proactive in reducing that amount even more.”
Like with Longmont United Hospital, BEW Global conducted an Exposure Assessment at The Portland Clinic.
“We worked with BEW Global to install the Vericept product in a test phase. We then evaluated the results and decided to roll out Vericept for ongoing monitoring,” Morgan said. The whole process went smoothly and overall we are very pleased with the system. BEW Global was very helpful and made tweaks and adjustments as we went along.”
Now The Portland Clinic logs in daily to review the reports and alerts. “When there is a violation, an auto email is sent out right away alerting the end user. Or in the case of a more serious violation we contact the end user directly,” Morgan said.