A major US healthcare institution had to suspend its direct mail fundraising activity due to data security breaches between it and one of its direct mail vendors.
In the healthcare world, data is highly confidential; in the right context even the mere names and addresses of patients are considered “protected health information.” Under HIPAA (the federal Health Insurance Portability and Accountability Act of 1996), unauthorized disclosure of protected health information is strictly prohibited, with significant penalties for each violation.
This healthcare institution, like most, includes former patients in its direct mail fundraising efforts. Fundraising is critically important for all healthcare institutions, because payments from patients, insurance companies, and the government for healthcare services rendered do not nearly cover the costs of providing healthcare and the research necessary for finding new cures.
The fundraising department of this institution badly needed to get back into direct mail fundraising, as it is a significant source of revenue. But without a vendor who could guarantee adequate data security, they were unable to resume any direct mail fundraising.
Then they met with Century Direct. We worked with them to demonstrate how we could provide for:
• Secure data transmission between our two establishments
• Continued robust data security while their data was in our possession, including sophisticated firewalls and encryption
• Strictly limited access to their data by Century employees – password-controlled access granted only to those who had a direct role in their database management, and no one else
• Physical protection and sequestration of their data
• Documentation of their data destruction after each mailing
• Adequate disaster recovery protocols which would continue to provide for robust data security in the event of a calamity
After an exhaustive audit by their compliance people, Century Direct was found to be in compliance with the HIPAA security protocols, a series of administrative, technical, and physical security safeguards designed to secure protected health information.
As a result, this institution was able to successfully restart its direct mail fundraising program with Century Direct, to the benefit of its patients and its researchers.
Century Direct is very proud to be helpful to this institution.
This post was written by Michael Kellogg