NHS Trust uses Egress to share sensitive information securely and to remain compliant with UK data protection legislation
The Central London Community Healthcare NHS Trust reflects on their selection of Government-certified and award-winning technology to protect sensitive patient information.
Offering healthcare services at over 160 sites throughout the London boroughs of Barnet, Hammersmith and Fulham, Kensington and Chelsea, and Westminster, CLCH employs more than 3,000 staff and supports almost one million patients. Providing a range of community and in-patient services, including rehabilitation, palliative care, and NHS walk-in and urgent care centres, as well as offering comprehensive care and support in patient homes, CLCH needed a solution that would enable their diverse workforce to communicate very sensitive patient information securely.
“We selected Email and File Protection for two main reasons. Firstly, being a UK-based company, Egress makes it easy to comply with the DPA. Secondly, Email and File Protection is certified by CESG, the communications security arm of the UK Government, which makes usage of Egress technology very secure.”
The challenge
Marek Zakrzewski, Information Security Manager at CLCH, explains: “The NHS in general is increasingly communicating with local councils and other healthcare providers, as well as with the patients themselves – and with many different clinics spread across Central London, CLCH is no exception. We consequently needed a way to communicate personal identifiable data securely, including to recipients outside of the NHS network, in order to remain compliant with the Data Protection Act (DPA) and other UK legislation.
The solution
The UK’s first, and currently only, CESG CPA Foundation Grade certified email encryption product, Egress Protect, helps both public and private sector customers to share IL2 and low-threat IL3 data (OFFICIAL and OFFICIAL SENSITIVE under Government Classification Policy) over the internet, without the need to manage external third party credentials.
“We were also looking for a system that is very easy to use,” continues Zakrzewski. “The NHS workforce is busy treating patients and we didn’t want to introduce another new technology that would create a distraction for them. However, users were surprised by how easy Egress Protect is to use. Effectively, they only need to mark emails as private, personal or confidential, and the policy and governance are taken care of in the background.
“Egress Protect has proven very valuable to us and we are consequently looking to expand our usage of the Egress platform. We are currently examining our capability to transfer very large files in and out of the trust, so we can leverage Egress technology using Egress Protect instead of using a secure file transfer protocol. In addition, we can also make use of the Egress Secure Web Form, which would allow patients to send their own data to us securely, even if they don’t understand how this is done.”
Commenting on the announcement, Egress VP Account of Management Kelly McCann stated: “CLCH are an excellent example of an NHS organisation recognising the need for encryption services when communicating sensitive patient information between staff members and with third parties, such as local authorities and other health and social care providers, and proactively taking steps to remain compliant with data protection laws and legislation. Using Egress Protect, CLCH can ensure they are protected from data losses and breaches that can put patients at risk and incur large penalty fines. We look forward to working closely with CLCH to provide an integrated approach to secure communication, whether by email, file transfer or web form.”
“We were also looking for a system that is very easy to use,” continues Zakrzewski. “The NHS workforce is busy treating patients and we didn’t want to introduce another new technology that would create a distraction for them. However, users were surprised by how easy Email and File Protection is to use.”
About Egress
Egress is the only cloud email security platform to continuously assess human risk and dynamically adapt policy controls, preparing customers to defend against advanced phishing attacks and outbound data breaches before they happen.
Trusted by the world’s biggest brands, Egress is private equity backed with offices in London, New York, and Boston.