HIPAA Case Study - Medical Information Security
See how Preferred Medical Marketing Corporation (PMMC) uses FileAssurity OpenPGP Command Line to:
- free up valuable staff resources
- prevent user error and forgetfulness
- ensure that sensitive medical information is processed in accordance with the HIPAA
Founded in 1986, Preferred Medical Marketing
Corporation is a Microsoft Certified Partner, software development and consulting organization that determines, refines and implements strategies for healthcare providers and physician practices in the healthcare contract management area. The Company's software applications and remote managed service solutions provide contract management, auditing, modelling and reporting, along with budgeting, cost accounting and decision support for hospitals and physician practices. This case study was produced
in co-operation with Rob Rochelle, Director of Technology at PMMC. www.pmmconline.com
As PMMC handles large volumes of sensitive, personal medical information, security and privacy are critical issues. Furthermore, the HIPAA Security Rule that comes into force in 2005 mandates that electronically stored or transmitted personal health information be kept confidential and protected at all times.
PMMC receives electronic files
with sensitive information and medical records via email and FTP from its clients. These are encrypted using the PGP standard and until recently were decrypted manually each day before being submitted for processing. This manual process was time consuming, costly and human errors in processing occurred.
PMMC needed a better, safe, cost effective and fast solution. The company recognized the need to automate and schedule the decryption process. The major benefits would include: free
up valuable staff resources, remove the potential for human error, forgetfulness, and handle the occasional holiday day off when no one was there to do the job. They wanted to ensure the files were securely archived, decrypted and processed every day regardless of circumstances.
After evaluating a number of products including PGP, PMMC chose FileAssurity PGP Command Line from ArticSoft. 'We were impressed with the simple scriptor graphical interface and its ease of use", said Rob
Rochelle, Director of Technology at PMMC. 'We had it up and running in a few hours and in production by the next morning. Now we can just let it run in the background and forget about it."
"Price was also a major consideration", added Rob 'We could get all the functionality we needed from ArticSoft for less than the other solutions on the market. Other things we liked about the product were it's low overhead and speed.'
FileAssurity PGP Command Line provides automated
encryption and decryption of files, folders, documents and emails. It incorporates automatic linking to e-mail, integration with FTP for automated upload and download, scheduling to allow tasks to be run at pre-defined times or frequencies and comprehensive audit logging. The GUI interfaces remove the need to 'hand craft' command line parameters so that any administrator is able to control and run CLS without the need for constant technical support.
Administrators can define which files and folders
to encrypt, decrypt, digitally sign, verify or securely delete and when they want this to happen. They can also pre-set what happens to files once they have been processed whether the are automatically emailed or FTP'd to a web server, for example.
For PMMC, FileAssurity PGP Command Line delivered exactly what they wanted at an affordable price. PGP Command Line simply runs in the background with no need for further user intervention.