The 12 Commandments for Choosing Email Encryption

I know you are thinking “well Moses only had 10 commandments”, but we are now in the digital age and 2 more are needed to help you fully assess your email encryption needs and solutions.

As a 35-year industry veteran – a “group guy” – I am not a techie but a business person who understands how to use today’s technologies. That is my business and what we have done for the last 15 years, starting with founding Employease in 1995.

I do not profess to be an encryption expert, but we have done the research for numerous clients and are implementing solutions daily. Here is what we have learned and can share with you on this critical issue of protecting your business and your company’s reputation:

1) This is NOT a technology decision but a business process and operational efficiency one. Your solution does not need to be expensive or complicated, but it needs to work easily and seamlessly and protect your business without disrupting it.

2) It also doesn’t need to be a science project. The right solutions exist and are used daily by millions of people in the US Government, the banking industry, hospitals and more. If the solution feels like a techie science project, drop it.

3) Due to HIPAA HITECH, encryption is now front and center as a fundamental component of your business infrastructure – just like your phone, email, fax, office network, laptops and mobile devices. Don’t make it more complicated than that. It is a product of the “digital age” we live in and

4) Ben Franklin was right 200 years ago – don’t be “penny wise and pound foolish”. You counsel your clients not to choose benefits on price alone. The same holds true here. You get what you pay for, and the cost of the wrong solution, in time spent and technical issues that are not core to your business, can be substantial.

5) It needs to meet the NIST standards referenced by the HITECH law to qualify as a “safe harbor”. The main requirement here is that the two encryption keys cannot both reside in the same place (i.e. your computer) for the solution to be approved.

6) Of course it needs to meet the HIPAA HITECH law, but also a myriad of other laws that grow monthly: the 47 state HIPAA privacy laws, other Federal laws like Red Flag and GLBA, and emerging state consumer privacy laws like those in MA and NV.

7) Rent or Buy? You are an insurance broker, not a technology company. Buying hardware and then having to have someone maintain it who is not an expert is a waste of time and money. Don’t let your tech guy talk you into buying something when better solutions exist “in the cloud”. Use a hosted service – an outsourced SaaS (software-as-a-service) solution – that will evolve as this entire area continues to evolve legally on a national, state and local level.

8) Full 360 Degree protection – Be sure all PHI that your team handles, inbound and outbound, is encrypted. Your biggest threat is your clients sending unprotected data to you and causing a breach. A solution MUST protect against this as well.

9) The old KISS theory applies. To minimize problems, “Keep It Simple, Stupid”. Any solution you choose needs to be as simple and transparent as possible, with as little change to your normal work processes as possible.

10) Encryption Key Issues – Problems with how keys are stored and exchanged across different systems and networks appear to be where issues come up for companies. Choose a vendor who handles keys in a way that eliminates these issues, i.e. “in the cloud”, so that you can conduct business rather than troubleshoot why a client cannot open your emails.

11) Extensible – Privacy issues grow daily as our society becomes even more “wired” and dependent on electronic communication. 38 states have new laws – similar to the MA and NV laws that just went into effect – requiring that any transactions that include personal information about their residents be encrypted. Make sure your solution can be easily updated to meet new laws and changes to rules so you do not need to revisit your encryption decision later.

12) How big is your vendor’s network? Do they even offer one? Encryption for HITECH is not about technology but about sharing data across business processes, business partners and vendors. Think of the Verizon and Sprint commercials for cell phones and connecting seamlessly to lots of other users. If your vendor does not offer connections to other users, look for one who does and makes it easy to share data.

If you follow these rules when making your decision, you can decide, get it implemented and go on about the business of helping your customers as effectively as possible.

We have developed our RadarMail360 solution in partnership with industry leader ZixCorp to provide you with a toolset that meets all of the above criteria and, most importantly, connects you seamlessly and securely to any one of the 160+ health insurers and 20 million other users on the Zix Network.

We are adding a front-end filter for all inbound mail to be sure that if PHI is in it, we intercept it and redirect it to a safe place, such as your own secure message portal.

We can help you get compliant, stay compliant and protect your business.

Contact us for more details.
