Laptop Encryption for HIPAA Compliance

BEI was recently honored to be MSP Insight’s spotlight company for client success. Our CEO Ellen Jennings sat down and shared her insights on how BEI’s approach was able to help our client Arthritis and Rheumatism Associates:

Describe this client’s problem that precipitated the need for your solution(s) 

Arthritis and Rheumatism Associates (ARA) is a large healthcare practice based in Maryland. With approximately 20 physicians and more than 200 staff, ARA manages an extensive IT infrastructure. All staff have computers, and most of the clinical staff also have laptops and/or tablets. Successfully managing and encrypting these myriad devices is critical to ensuring good business practices. Doing so enables the healthcare organization to be HIPAA-compliant and provides protection above and beyond the letter of the law by enabling temporary removal and restoration of data access when encryption alone isn’t enough.

ARA had been running a server-based solution for device encryption, but this method became expensive and inefficient as they moved more of their infrastructure to the cloud.

What solution did you implement and how did it address the client’s challenge?

We implemented Beachhead Solutions’ SimplySecure for MSPs and Windows 10 BitLocker, using our RMM (ConnectWise Automate) tools for deployment. The deployment went very smoothly, taking approximately one day to encrypt 180 machines. There was very little disruption to the end users.

The Beachhead platform provides a “Safe Harbor” should any of ARA’s computers become lost or stolen. In such a situation, the sensitive data on the computers, laptops, and tablets would not be able to be accessed, and reports available via the Beachhead management portal would enable ARA to document that the machine in question had been encrypted. It is also possible to remotely wipe and lock the machine, deleting all of ARA’s information from afar.

How is the solution helping the client do business more efficiently?

What took weeks to implement a server-based encryption system took literally one day with SimplySecure. Other environment changes, like OS upgrades (e.g. Windows 7 to Windows 10) and adding vulnerable phones/tables/USB devices are similarly accommodated. All of this can be done remotely and quickly with minimal employee interruption, which is key for a busy organization like ARA.

How is that success being measured and attributed to your solution? 

We are ARA’s outsourced IT partner and provide all of their IT services. From our perspective, SimplySecure for MSPs eliminates the need to maintain a server and simplifies device deployment and management – certainly saving money. It also enables us to create policies based on reporting that automatically and remotely wipe or lock machines based on specific parameters that we set.

Has this solution led to any new business opportunities or product/service offerings for your company?

Having SimplySecure for MSPs in BEI’s product line gives us the opportunity to talk to clients in regulated industries like healthcare (HIPAA), financial services (FINRA, FDIC, etc.) and government contractors (NIST 800-171) that have requirements for encryption, putting us in a better position to win new and profitable business. We also have many current clients who are increasingly concerned with security and are interested in managed encryption and remote PC and device access control.