Novell is now a part of Micro Focus

Secure Messaging, Part 4: Protecting Confidential Medical Information with a Turn-Key Email Security Solution

Novell Cool Solutions: Trench

Digg This - Slashdot This

Posted: 7 Mar 2002

Version: GroupWise 6

E-mail security is a very hot topic for our readers these days. In the wake of the terrorist attacks of September 11, there has been heightened interest how government agencies, corporations, and individuals can protect the confidential and classified information that they share via e-mail. We turned to our new partners at Tovaris to help us explain these complex issues.

Tovaris is our new secure messaging partner. They are an e-mail privacy and security company located in Virginia. Their product suite, the Tovaris E-mail Security Solution (TESS), provides e-mail security capabilities to financial services firms, healthcare providers, and government agencies.

In this fourth article of a series about e-mail security, we explore the challenges of keeping medical and financial information confidential.

Also in this series:

  • Secure Messaging, Part 1: The Challenges of E-mail Cryptography
  • Secure Messaging, Part 2: PKI-Enabled E-mail Security
  • Secure Messaging, Part 3: Secure Online Delivery
  • Secure Messaging, Part 4: Protecting Confidential Medical Information with a Turn-Key E-mail Security Solution
  • Secure Messaging, Part 5: Protecting Confidential Financial Information with a Turn-Key E-mail Security Solution
  • Healthcare Compliance with HIPAA Regulations

    The Health Insurance Portability and Accountability Act of 1996 (HIPAA) is designed to improve the healthcare industry's efficiency, accountability, privacy, and security, and to provide long-term cost savings. The three main regulatory components of HIPAA are administrative standards, privacy, and security. In this article we will focus on the last component, security regulations.

    According to the Department of Health & Human Services, the security guidelines "have been developed to protect the confidentiality, integrity, and availability of individual health information". n particular, there are sweeping new requirements for healthcare providers for the handling and transmission of electronic patient data, know as Protected Health Information (PHI).

    Healthcare organizations of all sizes and types ( "covered entities") are governed by these regulations, including hospitals and health systems, physicians offices, insurance providers, and health and human services agencies. In fact, "any health care provider, health care clearinghouse, or health plan who electronically maintains or transmits health information pertaining to an individual" is required to comply. All organizations must move to comply with the security regulations quickly, or risk severe penalties.

    HIPAA and Encryption

    PHI that is transmitted across open networks (including the Internet) must be protected. Since most covered entities use e-mail to perform this type of communication, e-mail security is a main component of the "Technical Security Mechanisms" that are required for compliance. Healthcare providers that have taken the necessary steps to safeguard PHI will be able to communicate more efficiently.

    Tovaris Provides Turn-Key E-mail Security for HIPAA Compliance

    Tovaris enables any healthcare organization to address the five major requirements of a HIPAA-compliant secure messaging system with the Tovaris E-mail Security Solution? (TESS):

    • Authentication ("Is the sender who he says he is?")
    • Authorization ("Is the sender allowed to send this message?")
    • Integrity ("Did the message reach its recipient unaltered and unchanged?")
    • Encryption ("Was this message protected (unreadable) across the Internet?")
    • Auditing ("Can we prove the message was sent securely?")

    Any e-mail security solution a healthcare organization considers must address the following questions:

    1. Does the product integrate seamlessly with my existing network and e-mail infrastructure, including virus checking, content scanning, and archiving services?
    2. Will the product enable my employees to encrypt sensitive information from their familiar e-mail application, while still sending and receiving messages as normal?
    3. Will the product deployment, management, and use overburden my systems administrators?
    4. Is the product cost effective?

    The Tovaris E-mail Security Solution? (TESS) allows healthcare organizations to comply with HIPAA security regulations for PHI encryption in a transparent, cost-effective manner.

    In our next article we will explore the regulatory requirements facing the financial services industry for the handling and transmission of individuals' sensitive financial information.

    For more information regarding the Tovaris E-mail Security Solution?, contact Sean Steele, Tovaris National Account Manager, at 703-465-0964 or visit the Tovaris website at

    Novell Cool Solutions (corporate web communities) are produced by WebWise Solutions.

    © Copyright Micro Focus or one of its affiliates