Laptop Encryption for HIPAA Compliance

MSP Insight’s recently featured BEI as the spotlight company for client success. Our CEO Ellen Jennings shared her insights on how BEI’s approach to Laptop Encryption was able to help our client Arthritis and Rheumatism Associates:

Describe this client’s problem that precipitated the need for your solution(s) 

Arthritis and Rheumatism Associates (ARA) is a large healthcare practice based in Maryland. With approximately 20 physicians and more than 200 staff, ARA manages an extensive IT infrastructure. Additionally, all staff has computers, and most of the clinical staff also have laptops or tablets. Successfully managing and encrypting these various devices is critical to ensuring sound business practices. Above all, doing so enables the healthcare organization to be HIPAA-compliant. At the same time, it protects above and beyond the letter of the law by allowing temporary removal and restoration of data access when encryption alone isn’t enough.

With all of this in mind, ARA had been running a server-based solution for device/laptop encryption. Meanwhile, this method became expensive and inefficient as they moved more of their infrastructure to the cloud.

What solution did you implement and how did it address the client’s challenge?

We implemented Beachhead Solutions’ SimplySecure for MSPs and Windows 10 BitLocker, using our RMM (ConnectWise Automate) tools for deployment. The deployment went very smoothly, taking approximately one day to encrypt 180 machines. As a result, there was very little disruption to the end users.

The Beachhead platform provides a “Safe Harbor” should any of ARA’s computers become lost or stolen. Under those circumstances, the sensitive data on the computers, laptops, and tablets cannot be accessed. Reports available via the Beachhead management portal enable ARA to document that the machine in question has been encrypted. Moreover, it is also possible to remotely wipe and lock the machine, deleting all of ARA’s information from afar.

How is the solution helping the client do business more efficiently?

What took weeks to implement a server-based encryption system took literally one day with SimplySecure. Following the implementation, changes like OS upgrades (e.g. Windows 7 to Windows 10) and adding vulnerable phones/tables/USB devices are similarly accommodated. All of this can be done remotely and quickly with minimal employee interruption, which is key for a busy organization like ARA.

How is that success being measured and attributed to your solution? 

BEI is ARA’s outsourced IT partner and and we provide all of their IT services. From our perspective, SimplySecure for MSPs eliminates the need to maintain a server and simplifies device deployment and management. This saves time and money and enables us to create policies based on reporting. These polices automatically and remotely wipe or lock machines based on specific parameters that we set.

Has this solution led to any new business opportunities or product/service offerings for your company?

Having SimplySecure for MSPs in BEI’s product line gives us the opportunity to talk to clients in regulated industries like healthcare (HIPAA), financial services (FINRA, FDIC, etc.) and government contractors (NIST 800-171). These clients have requirements for encryption, putting us in a better position to win new and profitable business. Many of our current clients are increasingly concerned with security and interested in managed encryption and remote PC and device access control.