PCI, SOX, FERPA, GLBA
Fortress Trust is the leading industry solution for secure email. If you or your business practice is subject to government privacy laws or you simply need to be able to communicate over the Internet in a secure manner, then Fortress is for you.
What is a Fortress?
Fortress converts outgoing email with military grade encryption so that your conversation with trusted recipients cannot be intercepted or hacked. Your emails are never stored on the Internet where it can be captured or hijacked by criminals. Once your trusted recipient has been authenticated, they will be communicating within a “secure tunnel” within your company Fortress portal. With your permission, your established contacts will be able to securely send and receive email with attachments to you at any time through the Fortress.
Why Should I have a Fortress?
The Fortress is a network gateway appliance that provides encryption to your email in compliance with US Federal privacy laws that pertain to the healthcare and banking/finance industries. The Fortress provides your staff with selective encryption of certain email messages or an automatic rules-based evoked encryption by scanning of all outbound email.
Fortress is available in deliverable forms of appliances; an onsite physical or virtual appliance and as a hosted service in our secure datacenter, depending on your operations requirements. Fortress can be managed for you by Fortress security staff, your own staff, or it can be managed as a collaborative effort. In either case you choose whatever best suits your needs and requirements.
Fortress offers an email encryption capability to your email services. Fortress’s email encryption is programmable so that it can be tailored to your business. Fortress can be set to scan all outgoing email such that PHI may be discovered and alert the sender that encryption may be necessary. Alternatively Fortress can be set to automatically encrypt the outgoing email before it leaves your email system. Fortress scans the content of the header and body of the email. Fortress also scans any attachments and can be set to automatically encrypt the email in accordance with HIPAA privacy rules. Even if your staff “forgets” to send email as an encrypted message and there is PHI content in that email that your staff was unaware of, not a worry. The Fortress HIPAA scanning engine will catch it and automatically encrypt the message before you violate the HIPAA privacy rules and possibly incur a fine. There are many programmable features that can be set to force emails to be sent encrypted even if the sender forgets. Certain staff can have unique settings made that encrypt everything they send while other staff members have emails encrypted only when they purposely instruct Fortress to send as encrypted, or when the Fortress scanning engine finds PHI in the email.
Health Information Technology for Economic and Clinical Health Act (HITECH Act) is part of the American Recovery and Reinvestment Act of 2009 (ARRA). The Final Rules for HITECH Act. security standards were issued on February 20, 2003. It took effect on April 21, 2003 with a compliance date of April 21, 2005 for most covered entities and April 21, 2006 for “small plans”. The Security Rule complements the Privacy Rule. While the Privacy Rule pertains to all Protected Health Information (PHI) including paper and electronic, the Security Rule deals specifically with Electronic Protected Health Information (EPHI). It lays out three types of security safeguards required for compliance: administrative, physical, and technical. For each of these types, the Security Rule identifies various security standards, and for each standard, it names both required and addressable implementation specifications.