HIPAA News

Crystal Run Healthcare Deploys Proofpoint Messaging Security Gateway Appliance to Secure Email and Protect Transmission of Confidential Patient Data

(March 11, 2008)--Proofpoint, provider of unified email security and data loss prevention solutions, announced that Crystal Run Healthcare has successfully deployed the Proofpoint Messaging Security Gateway appliance to defend against inbound spam and virus threats, as well as to prevent leaks of confidential information in outbound email messages, including social security numbers, credit card numbers and patient data. With Proofpoint, Crystal Run Healthcare, one of the fastest growing medical practices in the country, has been able to easily and automatically secure approximately 200,000 messages per month, of which 84 percent is spam, and ensure up-to-date compliance with HIPAA regulations.

"Selecting Proofpoint for our email security infrastructure was one of the best decisions I've ever made," said Miguel Hernandez, director of information technology, Crystal Run Healthcare. "From day one, Proofpoint
proved its effectiveness in eliminating spam. I've never received so many thank you notes from employees before! Moreover, the flexibility we can offer users to define their own permissions through an easy-to-use
interface has been invaluable. We couldn't find another product on the market that offered such a perfect balance between end user control and IT management."

In addition to the intelligent management and elimination of spam and viruses, Crystal Run also needed to implement controls over outbound messaging streams to prevent leaks of confidential information and comply with HIPAA regulations that govern the transmission of protected health information (PHI). Crystal Run deployed the Proofpoint Regulatory Compliance module, which automatically detects non-public and sensitive information such as social security numbers and patient information, as well as the Proofpoint Secure Messaging module, which automatically and dynamically encrypts emails based on Crystal Run's policies. Both modules are completely transparent to employees, allowing them to send and receive emails as usual.

"Our business runs on email and as a healthcare organization, we have to be especially vigilant about the type of information being transmitted," added Hernandez. "The email encryption and regulatory compliance modules worked right out of the box, which has not only ensured our adherence to industry and government standards, but also dramatically accelerated the speed at which we do business."

Before Proofpoint, any request from a patient, doctor or lawyer to review a medical record required a personal visit to the practice by the requestor -- and often the patient -- in order to sign forms and obtain a
physical copy of the record. While this bureaucratic process protected patient privacy, it mired the medical records department in paperwork and slowed the delivery of information to key constituents. The same problem held true for Crystal Run's administration group, where financial or insurance forms had to be "snail-mailed" in order to receive various signatures.

With Proofpoint, patient data, insurance information and other sensitive forms of data can be securely transmitted via email, which has helped Crystal Run operate much more efficiently as a business and improve the level of service and convenience provided to Crystal Run's patients.

"Healthcare organizations are subject to strict regulatory compliance demands and are always seeking to provide the highest levels of security for patient information," said Sandra Vaughan, senior vice president of
products and marketing for Proofpoint. "For these customers, it's essential to deploy the most robust email protection available, without taking on the IT burden of managing multiple products across thousands of users.

Increasingly, organizations like Crystal Run are placing their trust in Proofpoint as the only provider that delivers the full range of email security and data loss prevention features on an integrated, easy-to-deploy
and easy-to-administer messaging security platform."

Share or bookmarklet this web page at: