Baptist Health Care Uses McAfee Email Gateway Encryption to Comply with HIPAA Regulations

Headquartered in Pensacola, Florida, Baptist Health Care is a network of hospitals, nursing homes, mental health facilities and outpatient centers serving northwest Florida and south Alabama. The organization has its origins in the 1951 opening of Baptist Hospital, now a 492-bed tertiary care facility providing a comprehensive range of medical, surgical and obstetrical services. Baptist Hospital Inc. has been a recipient of the Malcolm Baldrige National Quality Award. Focused on customer service and convenient, quality care, Baptist Health Care is a national leader in patient satisfaction. The corporation has been listed on Fortune Magazine’s “100 Best Companies to Work For” for four consecutive years.

Safely transmit patient information and protect end user’s inboxes from spam
Email has become an integral part of Baptist Health Care’s (BHC) communication network, with more than 2,500 email users company-wide sending and receiving essential patient information. In 2002, BHC implemented the McAfee Email Gateway (formerly IronMail) appliance from McAfee’s Network Security Business Unit (formerly Secure Computing), to prevent spam and viruses from penetrating the email inboxes of end users. After largely solving the inbound spam and virus problem with 90 percent of email messages eliminated as spam and zero false-positives, BHC determined it needed a solution for securing outbound emails to help ensure compliance with HIPAA regulations. BHC’s major challenge was to find a balance between the business communication needs of the health system, and controlling the risks associated with the electronic transmission of sensitive patient information.

“We needed a way to prevent sensitive patient information from landing in the wrong hands or having a user inadvertently sending out private information via unprotected email,” says Jim Donaldson, BHC’s Privacy and Security Officer. “Additionally, we have certain radiology equipment that needs access to the Internet in order to be supported by the manufacturer. Many times that access will have to happen through ports that make themselves vulnerable, so we needed to ensure that only secure traffic was able to come and go through those ports.”

"McAfee offers the broadest number of encryption options and has the deepest technology partnerships in the industry."

Jim Donaldson
Privacy and Security Officer, Baptist Health Care

Meeting compliance requirements
“For the past few years, McAfee Email Gateway has done a great job with allowing us to control spam and also to scrub viruses from our emails. It has eliminated a huge amount of inbound email as spam, with virtually no false positives,” says Donaldson. “For efficiency, BHC wanted to leverage our existing investment with McAfee, yet we needed to be able to support a broad range of policy-driven technology options as our encryption requirements continue to evolve. McAfee provided everything we needed and more. The company offers the broadest number of encryption options and has the deepest technology partnerships in the industry. We understood the importance of meeting all compliance requirements, and that’s why we selected McAfee Email Gateway Encryption to meet our encrypted email needs.”

Secure email communication
BHC began the initial company-wide rollout of McAfee’s McAfee Email Gateway Encryption by supporting specific applications such as radiology e-faxes, as well as business and benefits insurance communications and paperwork.

“Our radiology department’s system allows us to automatically fax or email radiology transcription reports when they are finalized using a fairly automated workflow process,” says Donaldson. “As soon as the doctor signs off on the report, it goes. BHC has now configured McAfee Email Gateway to pass those sensitive reports through the McAfee Web Gateway device so that the information will be securely delivered to the doctors’ offices or other recipients. The service also enables us to print hard copies of the documents if we need to. We have been extremely pleased with the process and plan to expand this capability to other applications as well.”

“The Security Rule seems complicated to many people who are outside the business, but if you look at it, it’s really focused on things that have been around in other industries for a long time,” continues Donaldson. “Being able to communicate securely through email is a great thing. If you can check your bank account securely online, there’s no reason you shouldn’t be able to look at your medical information online as well. McAfee Email Gateway has helped us secure our patient information and transmit critical messages without worrying if we are violating a policy or regulation. It’s been a great, great help.”

Baptist Health Care

Customer profile

Network of hospitals, nursing homes, mental health facilities and outpatient centers in northwestern Florida and southern Alabama

Industry

Healthcare

IT environment

2,500 employees sending and receiving essential patient information

Challenges

Protect private health information in out-bound email messages; comply with HIPAA regulations

McAfee solution

  • McAfee Email Gateway (formerly IronMail)
  • McAfee Email Gateway Encryption

Results

  • Enforces internal and government-mandated email usage policies and regulations
  • Maximizes resources by sending sensitive patient data via secure email vs. physical mail
  • Increases flexibility, scalability and manageability for email security officers
  • Zero end-user complaints
  • Securely delivers emails to patients for appointment reminders and annual check-ups
  • Leverages email policy engine used to protect inbound mail