Case Study

A global semiconductor manufacturer protects 1000+ employee medical records to achieve HIPAA compliance with Seclore

Skyworks 1024x683 1
An international semiconductor manufacturer was required to collect and report COVID-19 infections among employees working in California to occupational safety regulator, Cal/OSHA. The company implemented Seclore for File Servers, or Hot Folders, to tightly control internal access to sensitive employee medical data while enabling secure sharing in compliance with HIPAA requirements.

The Challenge

Quickly implementing a process for managing sensitive employee medical data

To maintain employee safety during the COVID-19 pandemic, our client, a global semiconductor manufacturer, was required by the Division of Occupational Safety and Health (DOSH) to report cases of illness at their offices in California. DOSH, more commonly known as Cal/OSHA, mandated that companies track COVID-19 outbreaks to notify employees of potential exposure and provide unredacted employee medical information on cases to state health departments. The regulations also required Californian employers to report COVID-19 illness to Cal/OSHA within eight hours of learning that an employee was affected.
Handling employee medical data requires compliance with the Health Insurance Portability and Accountability Act (HIPAA). Our client needed to quickly implement processes that were compliant with both Cal/OSHA and HIPAA regulations. Non-compliance could result in critical data breaches which can cost companies up to $50,000 in HIPAA penalties per violation.
Maintaining employee safety while achieving compliance was a top priority for our client. The company was looking for a solution that would allow them to store sensitive employee medical data while enabling secure sharing with Cal/OSHA and health authorities. Internally, our client needed to provide limited access to outbreak information to the right individuals in the human resources (HR) department in order to notify employees of exposure while protecting confidential details.
red quotes
"Client to provide copy. "
John Doe
Designer

The Solution

Automatically securing internal and third-party file sharing

Our client used Seclore for File Servers, or Hot Folders, to store all of its employees’ medical records in a single protected folder and securely share information with Cal/OSHA and state health departments.
Hot Folders provide automatic protection for stored files. As soon as a file is saved to a Hot Folder, it inherits the access and usage controls that have been pre-defined for that folder. The security policies stay with the file on every platform and device, even if it is downloaded or copied. Granular access controls applied to Hot Folders enabled our client to customize which users could view what data. This gave our client the flexibility to allow both the HR team and the governing bodies to access only the data that was relevant to their needs.
Since all files in the Hot Folders are automatically subject to the same controls, the compliance team reduced the time spent managing access permissions and checking on individual file security. Seclore for File Servers also provides audit and usage tracking for data shared beyond an enterprise’s perimeter. This enabled our client to easily detect and record any unauthorized events outside of the organization, ensuring continued HIPAA compliance even when data was shared externally.

The Results

Protecting 1000+ employee medical records while leveraging critical outbreak insights

Through implementing Seclore for File Servers, our client was able to respond quickly to the new COVID-19 regulations without overextending the security team. The company achieved HIPAA compliance while providing critical information to Cal/OSHA and the local health authorities when necessary. This helped the company avoid penalties that could harm the bottom line.
Tracking COVID-19 infections and reporting cases appropriately also helped our client ensure the health and safety of their workforce. This enabled the organization to maintain growth during a period of disruption throughout the supply chain.
Cal/OSHA guidelines continue to mandate that employers in California record cases of COVID-19 for two years and provide unredacted medical information to health authorities when required to do so. Seclore for File Servers helps our client ensure compliance with Cal/OSHA and HIPAA standards while focusing resources on business expansion in the post-pandemic landscape.

Achieve Compliance with Data-Centric Security