Business IT Solutions Brief
Robust ePHI Security Layering and Workforce Training for a Maine Law Firm
Date: April 2018
Location: Augusta, ME
- After performing an internal HIPAA Risk Analysis, the client sought additional data security layers for their network to better protect their business data and their clients’ sensitive information.
- The client already had strong security measures in place but wanted more robust email system security and cybersecurity awareness training for their employees.
- SymQuest implemented email encryption and enrolled the client in cybersecurity awareness training and testing software.
Client: Kozak & Gayer, P.A.
Kozak & Gayer, P.A. (K&G) is a law firm focusing its practice exclusively on health care law and other areas of law directly relevant to health law (e.g., corporate law, employment law, health insurance law), providing a full range of legal services to health care clients.
The K&G firm deals with large amounts of HIPAA-protected data and electronic private health information (ePHI). For this reason, it is essential that this data is well-secured in order to protect their clients’ sensitive information and keep their business compliant.
K&G is unique in that they perform risk analyses for many of their healthcare clients. Because they counsel their clients on complying with HIPAA regulations and following privacy best practices, they strive to uphold those same principles within their own firm.
SymQuest is K&G’s trusted partner in data security. The client relied on SymQuest to deepen the firm’s already robust knowledge and practices, specifically in the areas of email security and employee cybersecurity awareness training.
SymQuest hosts K&G’s Exchange email server and provides security and spam filtering using Proofpoint Essentials. K&G wished to add two security features to their email system: (1) an email header that notifies office personnel that an email originated from outside of the organization, and (2) email encryption.
SymQuest created a rule that applies an email header on all emails that originate from outside of the organization to remind all personnel to exercise caution and not open links or attachments until they are certain the email is legitimate.
Using the Proofpoint Essentials application, SymQuest also implemented email encryption for K&G, giving users the ability to send an email as encrypted should it contain sensitive information (e.g., PHI). Now, when an employee elects to send an email as encrypted, the recipient must securely log into the Proofpoint system to view and respond to the message.
The encryption feature also uses email “trigger words” that indicate sensitive information and automatically encrypts the email when it is sent. This ensures that an email containing sensitive information gets encrypted even if the user fails to designate it as such.
Both of the solutions that SymQuest added were easily integrated into the client’s processes and are better securing K&G’s email communications.
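The two email controls described above, modelled as policy logic over constructed sample messages (an added example, not SymQuest's or Proofpoint's code; the organization domain, banner text and trigger-word list are placeholders chosen for illustration):

```python
import re
from dataclasses import dataclass, field
from email.utils import parseaddr

# Constructed placeholder values; the real domain, banner and trigger list
# are configured by the administrator in the mail filtering system.
ORG_DOMAIN = "kg-example.test"
EXTERNAL_TAG = "[EXTERNAL] "
EXTERNAL_BANNER = ("CAUTION: this email originated from outside the organization. "
                   "Do not open links or attachments unless you are certain it is legitimate.")
TRIGGER_WORDS = ("phi", "patient", "diagnosis", "medical record", "social security number")
# Word boundaries so that "phi" does not fire on words like "philosophy".
TRIGGER_RE = re.compile(r"\b(" + "|".join(re.escape(w) for w in TRIGGER_WORDS) + r")\b",
                        re.IGNORECASE)

@dataclass
class Message:
    sender: str                          # From value, e.g. 'Jane <jane@kg-example.test>'
    subject: str
    body: str
    user_flagged_encrypt: bool = False   # the "send as encrypted" choice in the mail client
    headers: dict = field(default_factory=dict)

def sender_domain(msg):
    """Domain of the actual address, ignoring any display name."""
    addr = parseaddr(msg.sender)[1]
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""

def is_external(msg):
    return sender_domain(msg) != ORG_DOMAIN

def tag_external(msg):
    """Control 1 (inbound): header and banner on mail from outside the organization."""
    if is_external(msg) and "X-External-Sender" not in msg.headers:
        msg.headers["X-External-Sender"] = "yes"
        msg.subject = EXTERNAL_TAG + msg.subject
        msg.body = EXTERNAL_BANNER + "\n\n" + msg.body
    return msg

def encryption_reason(msg):
    """Control 2 (outbound): why this message must be encrypted, or None.
    Encrypts when the user flagged it, and also when a trigger word appears,
    so a forgotten flag does not send sensitive content in the clear."""
    if is_external(msg):                 # only mail leaving the organization is considered
        return None
    if msg.user_flagged_encrypt:
        return "user-flagged"
    m = TRIGGER_RE.search(msg.subject) or TRIGGER_RE.search(msg.body)
    return f"trigger-word:{m.group(0).lower()}" if m else None
```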
Workforce Cybersecurity Awareness Training
While discussing optimizing network security, SymQuest suggested that K&G consider a security awareness training program, KnowBe4. After reviewing literature provided by SymQuest and hearing about SymQuest’s experience with the program, K&G decided to subscribe to and implement the security awareness program.
With KnowBe4, employees are regularly enrolled in security training and are randomly tested to ensure that they follow best practices whenever working on the K&G information network and accessing client information. Now, the firm’s workforce stays up to date with security best practices and regularly exercises that knowledge. In the four months that the firm has been using KnowBe4, employees have learned from the training modules, which have provided them with information on email spoofing, phishing, safe web browsing, malware/ransomware, and much more.
When K&G sought to add additional layers of email security to their system, SymQuest provided the expertise and the technology to get it done. The implementation of encrypted email and the KnowBe4 Security Awareness Training has been a great success in ensuring that K&G’s information network is secure and that their workforce is using best practices for transmission of client information at all times.
“K&G’s goal is to ‘practice what we preach.’ With SymQuest’s help, we are confident that we are securing our client’s information and that we are always applying best practices with respect to security and HIPAA compliance. These solutions have been a complete success for K&G.”