South Nassau Communities Hospital

South Nassau Communities Hospital Ensures Health of its Outbound Email with Proofpoint Protection Server

HIPAA REGULATIONS REQUIRE SECURITY OF PATIENT INFORMATION South Nassau Communities Hospital is a 429-bed acute care hospital in Oceanside, NY. The hospital has 2,200 employees dedicated to providing quality health care to patients in Long Island. South Nassau offers a broad range of services, excels in cancer and cardiac care and provides comprehensive diagnosis, treatment, rehabilitation and support services.

As a hospital, South Nassau is required to comply with the Health Insurance Portability and Accountability Act (HIPAA), which, among other things, requires the hospital to protect patient personal health information (PHI). Since patient information can be disseminated via email, one of the first things South Nassau had to do was shore up its email stream, to ensure that patients' PHI did not get into the wrong hands.

“So much of our patient information is now stored electronically, which is convenient for our staff, but it also opens up greater avenues for this data to be compromised,” said Connor Brosnahan, manager of network systems for South Nassau Communities Hospital. “We needed to be able to be able to scan our employees' outbound email to stop HIPAA violations, but we wanted minimal intrusion on our employees' privacy.”

PROOFPOINT PROVIDES INSTANT OUTBOUND EMAIL COMPLIANCE
After evaluating several solutions, South Nassau selected the Proofpoint Messaging Security Gateway to monitor its outbound email stream for any HIPAA violations. The Proofpoint Regulatory Compliance module ensures that outbound messages comply with HIPAA by using pre-defined dictionaries and “smart identifiers” that automatically scan for a wide variety of non-public information. These dictionaries and smart identifiers were critical features that South Nassau needed in a solution.

“We looked at solutions from both CipherTrust and SurfControl, but both of them lacked the pre-defined dictionaries of medical treatment codes, disease names and other medical information that Proofpoint includes with the Regulatory Compliance module. The other products would have required far too much work to be effective,” said Brosnahan.

South Nassau is rolling out this HIPAA compliance solution for email in several stages. Currently, when the Proofpoint Regulatory Compliance module identifies a message that violates the hospital's HIPAA policies, it stores the email in a quarantine folder, where it can be easily reviewed by administrators. From that point, administrators can either take additional actions on non-compliant email or approve the email for release. In the second stage of deployment, the appliance will be configured to automatically reroute some types of PHI-containing messages to the hospital's Voltage Security device, where it will be encrypted before transmission to approved business partners.

“Proofpoint accurately identifies any email that contains PHI, including social security numbers and procedure names, and automatically takes the appropriate action, holding those messages for further review or ensuring they are securely encrypted before allowing them to leave our network,” said Brosnahan. “Without Proofpoint, we'd have to find some other way to ensure our email is HIPAA-compliant, which could include manually reading thousands of personal email messages. That would not only waste IT resources, but would also compromise our employees' privacy – something we weren't willing to do.”

A CURE FOR VIRUSES AND SPAM
In addition to identifying outbound email violations, the Proofpoint Messaging Security Gateway is also able to scan South Nassau's inbound email stream and stop dangerous viruses and unsolicited spam from reaching users. Proofpoint's MLX machine learning technology examines more than 100,000 attributes in every email to classify spam and viruses with the highest accuracy in the industry.

“It's amazing how quickly Proofpoint cleaned up our spam problem,” said Brosnahan. “The appliance worked right out of the box, with no false positives. We've had a dramatic drop in the calls to our help desk because of spam.”

South Nassau is so impressed with Proofpoint that the hospital is currently looking into purchasing additional modules. “We were very impressed with the Proofpoint Digital Asset Security module, which detects confidential information and prevents it from leaving the hospital,” said Brosnahan. “Proofpoint has already worked so well at preventing HIPAA violations, blocking spam and stopping viruses that we're looking forward to also deploying Digital Asset Security to ensure that other forms of private and confidential information don't leave our network via email.”

ABOUT SOUTH NASSAU COMMUNITIES HOSPITAL
South Nassau Communities Hospital is a 429-bed, acute care hospital located in Oceanside, NY. For 75 years, the hospital has been committed to providing inpatient, ambulatory, home health, restorative, preventative and emergency medical care to Long Islanders. With more than 820 physicians, South Nassau offers a broad range of services, excels in cancer and cardiac care and provides comprehensive diagnosis, treatment, rehabilitation and support services.