HIPAA Case Study - Healthcare data security
See how Michigan Public Health Institute (MPHI) uses FileAssurity Open PGP Security to:
- cut down on costs
- communicate securely with healthcare organizations and business associates
- ensure that confidential backup information can never be recovered after it has passed its retention period
Founded in 1990, Michigan Public Health Institute (MPHI) is a full-service research, development, and educational non-profit corporation. They have four founding partners: Michigan State University, the University of Michigan, Wayne State University, and the Michigan Department of Community Health. MPHI was originally chartered to assist the Michigan Department of Community Health, its associated agencies, and the founding universities in preventing disease and promoting public health through policy development, planning, scientific research, service demonstrations, education and training.   This case study was produced in co-operation with Steve Pierce, Privacy Officer for MPHI.   www.mphi.org
What does MPHI use FileAssurity PGP Security for?
We use FileAssurity PGP Security in four major areas :
- We have an ongoing project with another organization that monitors people with health problems. We built their case management database system, provide technical support, and occasionally add new features at their request. Our client sends us data securely using FileAssurity and we in turn use the data for troubleshooting and software testing, and we use FileAssurity to share this information securely with consultants.
- We use FileAssurity to exchange data securely with some of the hospitals that participate in the Michigan Emergency Department Community Injury Information Network, which is an injury surveillance system that tracks the types and causes of injuries treated in hospital emergency departments.
- We are seeking funding to participate in a national system to collect and analyze data on violent deaths, and we plan to use FileAssurity to share raw data securely with police departments and other organizations.
- Our internal IT staff use FileAssurity's secure delete facility to clean up old backup tapes so we can be sure there is nothing left on a tape that is past its retention period.
How has using FileAssurity PGP Security benefited MPHI?
Saving us money.   Before we purchased FileAssurity PGP Security we had to use expensive courier services to deliver a physical disk on which confidential information was stored.   We no longer have to pay $10 to $20 each time for a courier service. FileAssurity has paid for itself in just four uses.   There are no hefty bills to pay at the end of each month, just a single one-off payment of $65.
Speed of information delivery.   Information can now be delivered straight away using email.   There are no couriers to book and no paperwork to administer. Data files can reach their destination in minutes instead of hours or days.
Confidence in the security of our communications with other organizati2ons.   We do not have to worry if the email is lost in the system or sent to the wrong person.   If a courier had delivered the information and it ended up in the wrong hands it could be damaging to our business.   With FileAssurity we are confident that this can never be an issue because an unintended recipient would not be able to open the file.   We can now communicate securely with any organization knowing our data is not at risk.
Confidence in our data disposal process.   Data is now destroyed securely once it is past it's retention period.   Tapes can now be reused without having to be physically destroyed.   We can be sure that information we should not have retained can never be recovered.
What do you like about FileAssurity PGP Security?
- Extremely useful tool that is very versatile in its uses.
- Extremely simple to use.
- Not only is the product inexpensive but it requires no additional training costs.
- Encryption is very quick. We encrypt 10-20MB files and don't have to wait to use it.
- FileAssurity's built in compression is an added benefit when transferring large files across the Internet.
- The archive facility is very useful.   We use it to encrypt whole folders in one go and send them securely to others.
Why did you purchase FileAssurity PGP Security?
We came across FileAssurity PGP Security whilst looking for an alternative to PGP.   FileAssurity seemed a simple to use, low cost alternative that had the same level of security.   It does exactly what it says on the box.   The cost saving benefit compared to other products was tremendous.   We liked the fact that the product was inexpensive because we have to ask others to buy the product so they can send us files securely - we did not want to purchase a product where the price barrier was an issue for others.
On the security side, the fact FileAssurity PGP Security uses the AES algorithm at it's maximum strength gave us a lot of confidence in the product.   The US Federal Government's approval on AES for its own use told us that FileAssurity is using good encryption methods. If AES is good enough for the Federal Government then it is good enough for us.   Using a PKI enabled product meant we did not have to deal with the nightmare of password administration or worry about the weaknesses of password systems. We can work with other businesses regardless of the PKI they use or even if they have nothing at all.