The challenge
With 37 hospitals throughout the country, more than 7,600 employees and over 930,000 patients visiting their facilities annually, Spire Healthcare is one of the leading UK-based providers of private healthcare. As such, Spire employees often have to share highly confidential patient information with a range of external third parties, including NHS hospitals and clinics, patients, and staff outside existing secure networks. In line with their commitment to providing the highest quality medical care, Spire recognised the need to adopt a comprehensive approach to protecting this information that was also simple for staff to use.
The solution
When selecting an information security solution, a key consideration was the government’s Patient Choice scheme, through which Spire offers a proportion of its services to NHS patients. Consequently, they required an email and file encryption solution that enabled them to satisfy NHS Information Governance (IG) requirements, which provide a framework that brings together legal and best practice guidance for handling information. Under the IG requirements, sensitive information must be shared responsibly with external third parties, encrypted to the necessary level and audited to prove that it was sent to only the intended recipient(s).
“This control and auditing functionality has enabled us to remain compliant with the NHS IG policies, which is a key part of ensuring the ongoing success of our partnership with the NHS.”
Sean Conroy, Head of IT Technical Services, Spire Healthcare
Egress Protect offers unique ‘follow the data’ control and real-time auditing, meaning users can stay in control of the information they send electronically, even after it has reached a recipient’s mailbox. “Using Egress Protect, Spire staff can secure and manage the information they share externally,” comments Spire Healthcare’s Head of IT Technical Services Sean Conroy. “Package restrictions and the ability to revoke access enables us to, if necessary, place limitations on what recipients can do with the information that is shared with them. This control and auditing functionality has enabled us to remain compliant with the NHS IG policies, which is a key part of ensuring the ongoing success of our partnership with the NHS.”
Another key consideration for Spire was their ISO27001 certification, which provides the industry standard for managing information security systems and demonstrates that an organisation has put in place the necessary policies and procedures to properly manage information. “Under the ISO certification, we have to examine all information security risks, implementing a solution that both addresses these risks and is flexible to our evolving requirements. As Egress Protect offers a fully configurable service, it helps us remain compliant,” continues Conroy. “For example, Egress Protect can be deployed based upon our individual security policies – it can scan email content and prompt a user to encrypt based on whether key terms are being used. As such, we have an encryption product that can be adapted in line with our security policy.”
Commenting on the announcement, Egress Software Technologies Chief Executive Officer Tony Pepper stated: “We are delighted that Spire Healthcare has chosen our solution to meet their email and file encryption needs. As one of the leading private healthcare providers in the UK, Spire is obviously committed to providing the highest standards of patient care and services, which includes protecting the confidential information they share with third parties. The fact that Egress Protect not only provides this security assurance, but is also helping Spire to remain compliant with the NHS IG requirements and ISO27001, means that we can hopefully contribute to their continued success in the future.”