Customer Success Story: Secure Exchange of PHI with FIPS 140 Compliant Solution Delivers Major Efficiencies

Company Background Since 1966, our client has served as one of the largest Medicare contractors in the country, now serving over 200,000 providers and suppliers. Medicare coverage provided by the contractor is extended to more than 24.5 million people in 26 states and 5 U.S. territories. Our client has efficient operational, financial, and human resources across the United States, positioning them as a national Medicare leader.

Challenges and Requirements The organization exchanges large amounts of Protected Health Information (PHI) with its major business partner. In the past, the partner maintained strict rules about securely exchanging documents between organizations; this required that all documents be sent via physical mail or courier. Recently, the partner announced that documents could be exchanged electronically via email attachment, if the attachments were encrypted using a FIPS 140-2 compliant security solution (the solution also needed to comply with the HSPD-12 Government Mandate).

In addition to meeting business partner requirements for the secure exchange of email attachments, the contractor wanted to set and apply encryption capabilities from one central location, rather than disperse the responsibility throughout the organization.

The contractor was already using WinZip® for desktop compression, but they recognized that it was not a viable option for data security, because it did not offer enforceable strong encryption or administrative policy support for contingency keys. WinZip also could not meet several of the compliance requirements, specifically FIPS 140.

The Solution – SecureZIP® Enterprise Edition for Windows® desktop SecureZIP for Windows Desktop offers our client strong data file encryption, while meeting FIPS compliance requirements established by their business partner. This meets their initial goal of a security solution that allows them to exchange PHI and other sensitive documents electronically, saving both time and money throughout the organization.

SecureZIP’s contingency key functionality ensures that data can be accessed at any time, even if a passphrase used for encryption is lost or stolen. The contractor can recover any data encrypted using SecureZIP, which is especially important in the instance of an agency audit.

Policy Manager, another capability of SecureZIP, grants the contractor the ability to set security protocols, so they automatically become part of the workflow. In some cases, users are unaware that files are being secured because SecureZIP works “in the background,” encrypting and decrypting files without requiring any user interaction. Using Policy Manager, administrators can centrally control encryption standards, configuring and securing protocols. Every time an employee or affiliate creates a SecureZIP file, the user is locked into encrypting the file according to the agency’s settings.

SecureZIP also provides a solution that is easy to use and deploy within the current work environment. Our client was pleased with how easily SecureZIP integrated with their Microsoft Outlook® email environment and that the solution was interoperable across all computing platforms within their organization.

Read additional Customer Success Stories