- Customer Profile: Non-profit 705-bed hospital; academic medical center
- Goals: Regulatory compliance; protect confidential patient & employee information
- Solution: PGP® Encryption Platform: PGP Universal™ Gateway Email secures email; PGP® Whole Disk Encryption safeguards laptops; PGP Universal™ Server provides central management
- Deployment: On time; within budget; integrates with new infrastructure project
- Benefits: Data security; scalable solution; protect reputation
Maimonides Medical Center chose the PGP Encryption Platform to secure sensitive data in emails and on laptops.
An almost 100-year-old non-profit hospital, Maimonides Medical Center provides patient care and related community services to the diverse population of Brooklyn, New York. The medical center has a staff of internationally renowned physicians and offers more than 70 primary care and sub-specialty programs. Its physicians have pioneered new medical and surgical treatments such as the first human heart transplant operation in the United States and development of the first commercial pacemaker. Maimonides is also a leading academic medical center, training more than 400 residents and medical students each year.
In the course of providing quality health care, Maimonides Medical Center collects an enormous amount of confidential information about patients. Hospitals and medical facilities are responsible for ensuring patient privacy, and some have failed to do so in the ever-evolving digital world. Today, maintaining a world-class reputation also means protecting patient data even when it is stored in electronic media.
Secure confidential information in email. As in other industries, health care now uses email as a primary communications tool. Doctors, hospital administrators, and insurance representatives all regularly exchange email with patients and employees, and many of those emails contain personal and private information that must be protected. The hospital needed a way to secure email for 3,000 of its users to comply with relevant regulations on protecting confidential data.
Ensure regulatory compliance. The U.S. Health Insurance Portability and Accountability Act (HIPAA) requires that organizations protect private health information transmitted over open networks such as the Internet. In addition, if a security breach were to occur, Maimonides would need to comply with New York’s Security Breach and Notification Act, which requires the responsible organization to notify patients when their private information is exposed. “We don’t want to just meet security requirements—we want to exceed them,” says Anthony Mancuso, manager of Information Security at Maimonides. “Our reputation is at stake.”
Safeguard corporate laptops. Many Maimonides staff members use laptops to facilitate working from home or when on the road. Unfortunately, the portable nature of these devices makes them susceptible to loss or theft, so the medical center needed a solution to protect sensitive information stored on laptop computers.
Maintain user productivity. The fast-paced, time-sensitive nature of health care required Maimonides to find a security solution that would not affect user behavior or productivity. Hospital personnel have vital day-to-day responsibilities the medical center did not want to delay or interrupt because of security concerns. “We needed a transparent solution that required minimal user training,” says Sean Randolph, the medical center’s LAN engineer.
Dovetail with existing migration. Maimonides was already engaged in migrating to Microsoft Exchange when it identified the need to secure patient information in transit and at rest. Not wanting to postpone its data security initiative, the medical center needed a solution that could be implemented in stages alongside its migration project.
To protect patient information, Maimonides selected PGP Whole Disk Encryption to secure data on laptops and PGP Universal Gateway Email to secure email communications, both centrally managed by PGP Universal Server. “We looked at a variety of products, but they didn’t offer the scalability of the PGP Encryption Platform,” says Randolph. “Scalability is very important to us. Although we needed specific encryption applications, we wanted them to be part of an integrated solution. That way when new needs arise, we can just add another encryption application to the existing platform.”
Centralized management. “We wanted a solution that could centrally manage multiple encryption applications from a single administrative console,” Randolph explains. “Only PGP Corporation offered that solution with the PGP Encryption Platform.”
Encrypted laptops. To protect its corporate laptops, Maimonides selected PGP Whole Disk Encryption, which locks down the entire contents of a laptop, desktop, or external removable drive. With PGP Whole Disk Encryption, sensitive data is continuously safeguarded from unauthorized access, providing strong security while remaining transparent to the user.
On-demand email encryption. To secure emails with patients and external partners, Maimonides selected PGP Universal Gateway Email. “Emails containing private information are encrypted before leaving the corporate network,” says Mancuso. “Senders just flag the email as confidential and send it as usual. PGP Universal Gateway Email takes care of the rest.”
Industry-leading solution. “We asked for vendor recommendations and heard rave reviews about PGP Corporation,” says Randolph. “The solution provided all the capabilities we needed—central management, scalability, and effective encryption of laptops and emails—so we decided to go with the industry leader.”
PGP® encryption applications are now an integral part of Maimonides’s IT security strategy. “Being able to manage everything centrally is a huge benefit,” Mancuso says, “and things are running very smoothly.”
Successful laptop security. Maimonides implemented PGP Whole Disk Encryption on only some of its laptops to start. According to Mancuso, “Initial disk encryption is fast and runs in the background. Ongoing encryption is transparent to users as well. We’ve had zero complaints.” In fact, PGP Whole Disk Encryption has proven so effective the medical center increased the number of seat licenses to 500—five times the original estimate.
Confident, productive users. Doctors and staff now have the flexibility of working from home without worrying about exposing sensitive data. “A number of doctors were very impressed that we’d selected the PGP® solution,” adds Randolph. “They found it easier to use and more transparent than products they’d been using on their own.”
Easy integration. Maimonides was able to deploy the encryption solution in stages, beginning with the backbone of the PGP Encryption Platform architecture, PGP Universal Server. With the server in place, the medical center was able to add the email and laptop encryption applications when its migration schedule permitted. “We just staggered deployment of the PGP solution and integrated it with the existing Microsoft Exchange plan,” Randolph explains.
Responsive technical support. “We’ve found the PGP Encryption Platform to be a robust system,” says Randolph. When Maimonides deployed the solution, Mancuso says PGP Support was very helpful: “They were able to resolve deployment issues effectively and made us feel even more comfortable with the software.”
Flexible, cost-effective encryption. With the PGP Encryption Platform, Maimonides now has the ability to quickly address future security needs. This scalable framework will allow the medical center to cost-effectively add new encryption applications, as needed.
The team at Maimonides Medical Center achieved its goal of securing private patient and employee information. By mitigating the risk of a data breach, Maimonides can not only comply with regulations but also protect its reputation. “Patients have enough to think about. We don’t want them to worry about their personal information as well,” says Mancuso. “They need to be able to trust that their information is safe with us and it is, thanks to PGP encryption.” In addition, choosing the PGP Encryption Platform has equipped the hospital to meet future security requirements. “The solution is working out very well for us,” Randolph summarizes.
The PGP Encryption Platform. The PGP Encryption Platform reduces the complexities of protecting business data by enabling organizations to deploy and manage multiple encryption applications cost-effectively from a single management console. Deployed with the first encryption application, the PGP Encryption Platform makes installing a separate or additional infrastructure unnecessary when the organization needs other encryption applications. The PGP Encryption Platform supports the broadest range of integrated applications to secure email, laptops, desktops, instant messaging (IM), PDAs, network storage, FTP or bulk data transfers, and backups.