Knowledge Gap

By Baselinemag  |  Posted 2007-02-14 Email Print this article Print
 
 
 
 
 
 
 

The HMO wanted to encrypt confidential e-mail messages, but some employees were not following the rules.



Knowledge Gap

The encryption technologies were working as expected. But Patterson quickly realized he didn't have a comprehensive way to track, much less enforce, the policy that any confidential information must be encrypted prior to being transmitted over e-mail. The question was, as he puts it: "We have this great tool in place, but how do we know people are using it?"

Stepping into the picture was Vontu, a provider of software that scans outgoing communications, whether via traditional e-mail or the Web, to look for specific kinds of data such as Social Security numbers.

In June, the vendor ran a risk assessment for 21 days on the Harvard Pilgrim network. "The results were extraordinarily revealing," Patterson says. Basically, the assessment "told us a lot of people weren't using the e-mail encryption."

He wouldn't detail how many communications his team found that weren't in compliance—that is, e-mails that should have been encrypted but weren't—except to say it was a "substantial amount."

Specifically, in several cases employees were sending out confidential data without realizing it. That's because they might have received a form as an attachment, such as a Word document, from an outside provider. They then replied to, or forwarded, the original e-mail but didn't properly use the PGP encryption, thereby violating the policy.

Patterson's group is now rolling out the Vontu product, aiming for official deployment early this year. The software, once fully in production, will monitor Web and e-mail traffic going out of the Harvard Pilgrim network. If the Vontu system identifies something that appears to be confidential data, it will automatically instruct the PGP Universal server to encrypt it.

Is Patterson still paranoid? Maybe a little. But now, he says, "We've put in some controls to help protect our information."



<1234>
 
 
 
 
 
 
 
 
 
 

Submit a Comment

Loading Comments...
Manage your Newsletters: Login   Register My Newsletters