Meadville Medical Center

Meadville Medical Center Deploys Proofpoint to Ensure Hipaa Email Compliance and Protect Patient Data

BUSINESS CHALLENGE
Meadville Medical Center elected to upgrade its messaging security systems in order to comply with the Health Insurance Portability and Accountability Act (HIPAA). The medical center used email as a regular communications channel, but needed to implement more stringent security in order to prevent patient data or other sensitive information from improperly leaving the network via outbound email. During an audit of its outbound email, the medical center found several potential HIPAA violations.

PROOFPOINT SOLUTION
Meadville Medical Center deployed the Proofpoint Messaging Security Gateway™ appliance to protect its outbound email channel. Using the Proofpoint Regulatory Compliance™ and Proofpoint Secure Messaging™ modules, Meadville is able to scan its email for protected health information (PHI). Once Proofpoint detects PHI in an email, that email is automatically encrypted before being sent out.

RESULTS ACHIEVED
With Proofpoint, Meadville Medical Center is able to automatically identify and encrypt more than 100 emails each month that contain PHI. In the process, Proofpoint has dramatically reduced the amount of time that the IT staff must spend investigating email infractions.

PRODUCTS DEPLOYED

Proofpoint Protection Server
Proofpoint Spam Detection
Proofpoint Virus Protection

The Proofpoint Protection Server was perfect — it did not let through a single piece of spam, and there was not a single false positive

Dale Gainey,
Sr. Systems Administrator
Tyson

HIPAA PROVIDED SPARK TO SECURE OUTBOUND EMAIL Meadville Medical Center is a community medical center located in Meadville, Pa., about 90 miles north of Pittsburgh. The hospital has a staff of more than 1,300 professionals to provide high quality medical care to patients.

As a health care facility, Meadville Medical Center must comply with the Health Insurance Portability and Accountability Act (HIPAA). Among the HIPAA compliance regulations are provisions mandating that hospitals secure protected health information (PHI) sent via email, such as patient reports, diagnosis numbers and other personal information.

An audit of its email channel revealed several flaws and potential HIPAA email compliance violations. The encryption tool that IT created for departments was found to be cumbersome, so some users occasionally opted to not use it. The audit proved to not only be a learning experience for IT, but it was also a learning experience for the staff who became more educated on how to properly send confi - dential information.

"That audit was a real eye-opener for us," said Jeri Sample, systems administrator of Meadville Medical Center. "The possibility of the HIPAA violations quickly justified the cost of buying a solution to handle the problem."

Meadville Medical Center evaluated several solutions that would let it identify and encrypt any emails containing PHI. After narrowing down its list to solutions from KODAK Secure Email Services (SES) and Proofpoint, Meadville selected the Proofpoint Messaging Security Gateway, because it offered better HIPAA email compliance performance, included six managed dictionaries of healthcare codes and terms that SES did not, and required almost zero ongoing maintenance.

PROOFPOINT PROVIDES A SECURE CHANNEL FOR OUTBOUND EMAIL
The Proofpoint Messaging Security Gateway is an appliance that delivers the industry's most complete and effective security for enterprise messaging infrastructures. Meadville Medical Center uses both the Proofpoint Regulatory Compliance and Proofpoint Secure Messaging modules to protect its outbound email.

The Proofpoint Regulatory Compliance module scans outgoing email messages for PHI, such as patient data and procedure codes, as well as other personal information including social security and credit card numbers. Once emails containing PHI have been identified, the Proofpoint Secure Messaging module, which is powered by Voltage IBE (identity based encryption) technology, encrypts them before they are sent outside the hospital.

PROOFPOINT EASY TO INSTALL AND MANAGE
For Meadville Medical Center, one of the most important features in a messaging security solution was that it had to be easy to use and require very little administration. Sample says that's exactly what Proofpoint delivered. She found the Proofpoint appliance was incredibly easy to install, it worked right out of the box and it requires very little ongoing maintenance.

“In terms of policies, we only had to set up a few rules to identify and capture email unique to our environment,” said Sample. “Other than that, Proofpoint already had all the rules and dictionaries in place pertaining to HIPAA and other sensitive information.”

Sample also says that Proofpoint provides superior customer support, far above what she would expect from any vendor. “The Proofpoint support team has just been incredibly responsive to our requests and has worked with us to really perfect our deployment. Most companies out there could really take lessons from Proofpoint on customer service and support.”

ABOUT MEADVILLE MEDICAL CENTER
Meadville Medical Center is a community hospital located in Meadville, Pennsylvania. The hospital is continually working to make sure that our facilities are up-to-date or state-of-the-art and meet community needs. It is a leader in healthcare in northwestern Pennsylvania, with the newest technology, including the latest generation of ultrasound, CT and MRI technology. Meadville Medical Center has a medical staff of over 100, which consists of 37 medical/surgical specialties, with an extensive primary care foundation.