For many years MRIoA has understood the need for securing emails that contain protected health information (PHI). Policies have been in place to require the use of email encryption whenever PHI must be sent via email. These policies ultimately required the user to be aware they were about to send PHI and to utilize the MRIoA’s available ZixMail solution. In an effort to help streamline the process and enforce compliance, MRIoA has invested in the Cisco Email Security Appliance (CESA). Formally IronPort, and having been acquired by Cisco, CESA has been reworked into the Cisco family of security products.
The implementation of the Cisco appliance allows us to monitor all outgoing email for HIPAA compliance. If an email triggers a compliance policy in the CESA that email will automatically be encrypted. Of course users still can force encryption on any email. This additional oversight by the CESA will provide a safety net for the human element when sensitive data is present in the communication.
Additionally, the CESA provides industry leading RSA Data Loss Prevention (DLP). Emails that trigger DLP policies can be monitored in the provided tracking system. This just added one more effective tool to our multi-faceted DLP program.
MRIoA continually strives to improve the protection of sensitive client data.
Donald W. Murphy Jr. MS, CISSP
Vice President, Information Technology
