Headquartered in Midlothian, Virginia, Epiphany Healthcare delivers an ECG management system, Cardio Server, which simplifies clinical workflow and enables healthcare providers to securely access ECG data and other diagnostic test results from anywhere. Supporting over 950 hospitals and healthcare providers worldwide, Epiphany is committed to serving customers’ needs through product innovation and exceptional service.
The business challenges
As a leading provider of healthcare technology solutions, Epiphany handles significant amounts of HIPAA regulated information. The company recently sought to implement solutions that would enhance security when transferring sensitive, regulated healthcare data, including ECG studies containing PHI, between Epiphany and healthcare providers, partners, and internal users, specifically:
- Secure encrypted email communications when discussing regulated or sensitive patient information
- Secure, streamlined process for healthcare providers to upload patient ECG information to its servers
“We needed something universal, that encrypts emails, that everyone could be a part of, and that didn’t require us to change our email system. We were also looking for a new FTP site. Finding a system that delivered both made me look like an all-star,” said Chad McQuarrie, System Administrator at Epiphany Healthcare.
“Thanks to Egress everything is secure and compliant, and there is no way to bypass the system. This gives us and our customers confidence in our security and we all feel better about it.”
The solution: The Egress platform
Following a review of various products, Epiphany selected the Egress data security platform, specifically Egress Protect and Egress Secure Web Form.
- Egress Protect offers easy-to-use, flexible encryption that provides the highest levels of security. In addition to encrypting message contents and attachments, it enables total control over shared information in real time, with the ability to revoke access, audit user actions and add message restrictions to prevent mishandling of sensitive data.
- Egress Secure Web Form delivers fully customizable web-based forms that enable third parties to easily upload files and submit them to the organization in an encrypted format.
McQuarrie was particularly relieved to find a solution to both challenges from a single vendor as it made management a lot easier.
Easy set up and support
The seamless integration with Epiphany’s existing G-Suite and Microsoft Office platforms was a significant benefit for McQuarrie and his team. It meant that no changes were needed to existing work processes and no additional infrastructure purchases were necessary.
“It was one of the smoothest deployments I have ever experienced, and the Egress Support team is one of the best I have ever seen. They worked collaboratively with me and were very hands on!” commented McQuarrie.
Secure sensitive email communications
Used across the company to secure communications between Epiphany and healthcare providers, partners, and internal users, Egress Protect automatically encrypts emails containing HIPAA, PHI and other sensitive or regulated information.
McQuarrie and Epiphany users particularly like the solution’s seamless and simple integration with G-Suite and Microsoft Office, including the ability to encrypt and decrypt content, directly from within an email, with one click. They also like the ability to log, track, and report when an encrypted email is opened.
“This is big plus for us. I have logs on everything and it enables us to definitively prove compliance – which is a big bonus when undergoing a HIPAA audit,” commented McQuarrie. “It’s not just about proving what happened, it’s also about proving what didn’t happen. We can show that we’re really locked down and can prove that a breach did not happen.”
“It was one of the smoothest deployments I have ever experienced, and the Egress Support team is one of the best I have ever seen. They worked collaboratively with me and were very hands on!”
Secure portal for uploading sensitive data
In addition to Egress Protect, Epiphany uses Egress’ Secure Web Form to create a web-based portal through which users can easily and securely submit ECG studies and other sensitive patient scans and files – all in compliance with HIPAA requirements. The ability to customize the forms, determine pre-approved file types and data workflows was very valuable to Epiphany. “Secure Web Form is extremely easy for our customers to use and it encrypts the data being uploaded – which is huge for us,” added McQuarrie.
Prior to using Egress, customers frequently asked how they should send ECG study data to Epiphany. “Thanks to Egress we now have established Standard Operating Procedures. Our processes are clear, we have a specific protocol, everything is secure and compliant, and there is no way to bypass the system. This is something we promote to our customers. Egress gives us and our customers confidence in our security and we all feel better about it,” commented McQuarrie.
HIPAA auditing and compliance
Epiphany recently underwent its annual HIPPA audit. As part of the audit, McQuarrie was asked to confirm the processes used to secure sensitive data. “I simply said, ‘we use Egress’ and I attached Egress’ documentation and outlined how we use the products, and that was it! That answered all the auditor’s questions. Egress helped us ace our audit,” commented McQuarrie. “Egress gets an A+ from me!”
Our mission is to eliminate the most complex cybersecurity challenge every organisation faces: insider risk. We understand that people get hacked, make mistakes, and break the rules. To prevent these human-activated breaches, we have built the only Human Layer Security platform that defends against inbound and outbound threats. Using patented contextual machine learning we detect and prevent abnormal human behaviour such as targeted phishing attacks, misdirected emails, and data exfiltration.
Used by the world’s biggest brands, Egress is private equity backed and has offices in London, New York, and Boston.