Consolidating and updating internal applications on a regular basis is common for healthcare organizations these days and ensuring data is private and secure should remain a primary focus during these projects. PeaceHealth, a non-profit healthcare organization that operates nine hospitals in the western U.S., has been using Globalscape as its file sharing solution for the last few years.
Though using a technology such as Globalscape, which offers enterprise file transfer software for healthcare providers, has helped merge the different file transfer methods across PeaceHealth, there are security benefits as well. All of Peace Health’s projects have a vetting process that they go through where the exchange of specific patient data needs to be approved by either legal or the security team. And it requires that anyone it exchanges data with use some form of file transfer that’s going to either encrypt or protect that data as it’s delivered to the external location. Globalscape can offer security support such as FIPS 140-2 certified encryption.
Matt Quirk, Senior Interface Systems Analyst at PeaceHealth, explained that there was a list of specific security protocols that were identified and required by the organization before using a file sharing product.
The protocols we use most often are Secure File Transfer Protocol (SFTP) and we use File Transfer Protocol (FTP) over SSL, with or without PGP encryption. And we do HTTPS as well. We use FTP regularly for limited, internal-only transfers, as we don’t go outside of our intranet with the regular FTP.
Karl Skoog, Development Manager at PeaceHealth who takes care of interface work, Web development, data extracts and secure file transfer within the organization, explained that Globalscape had all the security protocols that PeaceHealth needed. We had identified protocols that we had requests for previously and made sure that those were met by Globalscape. But making the balance between security and usability was important as well.
We have a configuration in place where we have a server in the DMZ that communicates and interfaces with the Globalscape server internally. So there’s an extra layer of security that we have in place just with the hardware server configuration.
Any new project that gets approved that has a file-sharing component of transferring data into or out of the PeaceHealth Network utilizes Globalscape, said Skoog. It also uses it in its reference lab because there are some lab clients that may have a smaller EMR system that don’t have HL7 interfaces and are file-based, they expect PeaceHealth to securely drop a file of lab results. “We use Globalscape to securely drop those lab results to the external clients,” Skoog said.
James Bindseil, president of Globalscape, said that healthcare providers are generally looking for solutions to business problems, such as ensuring that they can move patient information between providers in an efficient and easy-to-use manner while maintaining compliance. “Providers are more worried about the treatments that they’re providing and saving and enriching lives than they are about any encryption mechanism,” he said. “They have the weight of federal regulations on them as well. Organizations need to be able to send and receive data without it residing in their demilitarized zone (DMZ).”
Sign up to receive our newsletter and access our resources
Join 30,000 of your peers and stay up to date on HIPAA, BYOD and IT Security.