The Rochester Regional Health System (RRHS) in New York includes several affiliated organizations that provide a broad range of healthcare services to the residents of greater Rochester and surrounding towns. Their main facility, Rochester General Hospital, sees more than 1 million outpatients annually. This means millions of patient records, insurance claims, and other billing information need to be transferred between RRHS affiliates, clearing houses, insurance companies and other vendors.
RRHS was using a patch work of homegrown file transfer servers and scripts to send and receive files from EPIC EMR, Workday HRIS, ADP Payroll, Trizetto ClaimLogic claims and 835 remit clearing houses and others. They also were looking at supporting a growing number of cloud-based applications.
File Transfer Challenges and Requirements
Whether the driver is brand protection, recent high-profile breaches, or the risk of a non-compliance finding, preventing the loss of sensitive EMR or PHI data is a top concern of healthcare providers like Rochester General Hospital.
Case in point, a recent Ipswitch survey revealed 84% of US IT pros polled say the ability to securely transfer and share files is very important.
Risk and compliance groups are mandating tighter security controls to comply with HIPAA, HITRUST, GDPR and other regulatory mandates. Data in motion is data at risk and particular attention must be paid to the security and compliance of external file transfer processes.
At Rochester, limitations with the existing homegrown file transfer methods that made it difficult to comfortably meet compliance mandates and other challenges that included:
- Protecting patient PHI data to comply with HIPAA and internal security policies
- Meeting payment agreement terms
- Securing data exchange with new cloud-based applications
- Centralized monitoring and documentation of data transfers
Dylan Taft, Systems Engineer at RRHS was chartered with modernizing their file transfer system, and his key requirements included:
- A consolidated solution with a robust security model that simplifies HIPAA compliance for file transfers
- A standard method for creating and managing tasks
- An automated secure file transfer with cloud-based applications
- Scales to meet a growing number of end points and organizations
- Easy to learn and use
Dylan selected MOVEit MFT Complete, a cost effective package that includes the secure managed file transfer capabilities of MOVEit Transfer with the task-based automation functionality of MOVEit Automation. MOVEit helps Rochester improve their security posture by providing a unified file transfer infrastructure.
MOVEit Secures PHI Throughout the File Transfer Lifecycle with 7 Layers of Defense
- Layer 1: MOVEit protects data in transit using secure file transfer protocols like SFTP, FTPS and HTTPS. It supports SSH, TLS and SSL encryption protocols
- Layer 2: It protects data at rest using AES-256 encryption.
- Layer 3: MOVEit guaranteed delivery provides automatic file integrity checking using SHA-1, validating that a file has not been altered in any way. Non-repudiation validates that files are transferred between authorized senders and receivers, safeguarding against man-in-the-middle attacks, where data in transit is hijacked or tampered with.
- Layer 4: It integrates with content scanning solutions like Data Loss Prevention and anti-virus software. It logs all content scanning activities and alerts when data loss or malware is detected.
- Layer 5: MOVEit Gateway is a proxy server that adds another layer of defense. The Gateway sits in the DMZ ensuring that no date is stored in the DMZ. It terminates all inbound connections in the DMZ and makes sure that all communications to the trusted network go through a secure tunnel.
- Layer 6: It's Ad Hoc functionality provides easy to learn and use file transfer for desktop clients. Users can send large files securely through a web browser of Microsoft Outlook. This reduces the chances of users exposing sensitive data by circumventing IT with unsecure file transfer solutions like Dropbox. (Put a link in on recent Dropbox hack)
- Layer 7: MOVEit Automation replaces scripting with task-based user interface. Consolidating all automation tasks to a single central system, simplifies IT ability to manage and ensure the security of their file transfer workflows. It enables them to on-board new users and vendors quickly and securely.
Download a free 30-day trial and see how MOVEit MFT Complete will help secure your sensitive data and meet compliance mandates.