Leading US College of Medicine Stays HIPAA and FERPA Compliant as It Migrates to Microsoft’s Cloud
With three areas of focus – education, healthcare and research – the Baylor IT team is responsible for delivering an IT infrastructure that caters to students, patients, faculty and staff.
Bound by regulations including the Health Insurance Portability and Accountability Act (HIPAA) for patients and Family Educational Rights and Privacy Act (FERPA) regulations for students, designing and maintaining key systems such as messaging and email records storage is no easy undertaking.
Paul Crow, Manager of Enterprise Messaging and Collaborative Technologies for Baylor, explained the situation presented to his team prior to initiating an email migration project:
We had been using an on-premises Microsoft Exchange system to provide an email service for our stakeholders. This was supported by safeguards including data loss prevention tools to avoid the transmission of inappropriate information, and also Veritas Enterprise Vault to provide secure email retention services. Due to storage limitations, we were only able to offer 3 years’ worth of archiving capability, and for research staff collaborating on long-term projects, this was unacceptable. Then there were issues with a poor-performing Outlook plugin that was making searching archived email very difficult for people. The final challenge for our email storage infrastructure was a calculation of what it would cost to keep all our data on-premises, given the sheer volume of email traffic. Our estimate ran into multiple millions of dollars!
Baylor made the decision to migrate its systems to Microsoft’s Office 365 cloud service. This was prompted by a change in key management personnel, who adopted a policy of, in an ideal world, “Keep all emails forever”.
Crow elaborated on this decision, “The Office 365 platform ended the problems we’d been having with storage limitations. Being both HIPAA and FERPA compliant meant it was also a feasible solution to migrate our data. We only had to educate users regarding what would constitute protected email content.”
Baylor used TransVault Migrator for its archive migration, delivered along with services from one of TransVault’s top North American partners, US-Amplify.
While ensuring the required level of security and confidentiality, including complete chain-of-custody and accurate ownership mapping, TransVault Migrator moved the institution’s email data in record time.
Joseph Whitmore, US-Amplify’s Technical Lead for the project, upgraded TransVault Migrator in-situ during the project to get the benefit of TransVault’s newly released CloudStream ingestion technology. “The performance of the legacy email data transfer to Office 365 had been good before the software upgrade, but with this this new version of TransVault Migrator, we saw a huge leap forward in terms of throughout”, explained Whitmore.
The project was now going so fast that, at points, USAmplify was waiting on us for input before it could move to the next phase”, added Crow. As illustration of this, the project was running at 3 million messages per week – after the CloudStream upgrade, this improved to 13 million messages per week.
The two teams were extremely complimentary about their joint project. “Working with such a high caliber IT team at the customer’s site made the whole project flow a lot more easily”, commented Whitmore. In return, Crow said, “We were 110% satisfied with the project delivered by USAmplify, and the team worked well with us throughout the process. Plus, our end users – at worst – experienced two hours loss of access to their archives as they were being migrated, so they were happy too.”
A total of 40 terabytes was migrated from Veritas Enterprise Vault into Microsoft’s cloud.
About HIPAA, FERPA & Email Archive Migration
HIPAA and FERPA regulations share similarities in that they are generally concerned with ensuring personal information is securely and privately managed at all stages during its lifecycle.
For example, where personal records are transmitted via email, encryption is recommended to meet HIPAA and FERPA security guidelines, and many organizations employ data loss prevention (DLP) to intercept potentially illegal transmissions and highlight areas of potential risk.
Similarly, where records are being stored in email form, it is imperative that the chosen storage platform provides the relevant security safeguards, classification services and retention & disposition management. If, at any point, the platform used to store email (and indeed, any other record format) is to be physically replaced or relocated, the regulations pertaining to HIPAA and FERPA should still apply.
For example, health sector organizations wishing to migrate their existing email records into to Office 365 should ask these questions of their move:
- How can we maintain data security during transmission of legacy email records to the cloud?
- How can we ensure integrity and completeness of emails post-migration/ conversion?
- How can we maintain confidentiality as records are moved – and make sure the right people (only) have access to the right records post-migration?
- How can we prove due-diligence has been applied in our migration?
- How can we transfer existing retention periods into the new Office 365 model?
If your migration path does not give a satisfactory answer with respect to the above, your regulatory safeguards could be compromised when you choose to migrate….. and this is where TransVault will help your organization comply.
US-Amplify prides itself on making business easier in an information-saturated world by helping companies connect with the true meaning and magic of their data.
Staying ahead in business today requires the ability to manage and decipher complex data quickly and efficiently. This may involve simple email messaging management, archiving, searching and protecting your email or more complex requirements such as migrating your email archive to a new hosted solution – the “cloud”.
TransVault Software is an independent software vendor dedicated to helping organizations protect the viability and integrity of their information archives as they move between different platforms and technologies.
Our products build on over 23 years’ experience with high-end corporate messaging systems and 12 years of implementing and supporting enterprise archiving solutions. This has resulted in a product suite able to address the unique and often very site-specific challenges that can arise during migration.
To date TransVault is behind over 1,200 migration projects, including some of the largest in the world.
Our proven track record and status as a Microsoft Gold Partner, Veritas, IBM and HP partner means you can rely on TransVault to ensure that your email records remain a discoverable asset as your IT strategies and infrastructures change.
TransVault products are available exclusively through a specialized international network of partners that offer a range of bespoke migration services for their customers.