Security: Safe Savings for MedicAlertBy Debra D'Agostino | Posted 06-05-2006
Security is a primary concern for any corporate IT shop, but when it comes to protecting sensitive health-related data, security is a particularly sticky issue. Take, for example, MedicAlert, the Toronto-based medical information services firm that produces customized, wearable bracelets and necklaces. Its mission, says Michael Shreve, the company's director of systems and supply chain, is to "speak for our members when they can't speak for themselves." In the event of a medical emergency, first responders like EMTs can instantly access medical information about MedicAlert's members, first by checking the patient's bracelet (on which hangs a tag engraved with emergency medical information), then by calling a toll-free number that yields the patient's entire medical record. MedicAlert has more than 4 million members worldwide and is available in 140 languages.
As the company expanded over the years, Shreve says, it began to experience some growing pains. MedicAlert members could only update their records by calling customer service, which at an average call time of 20 minutes was a lengthy ordeal for the customer and a costly one for the company. Shreve says it quickly became apparent that clients should have the ability to view and edit their own records online, "but security and privacy is absolutely paramount," he says. "We needed to ensure that member data would always be secure, as if it were in a bank vault."
So it teamed up with security vendor Stonesoft to install firewall and intrusion detection software to ensure that only authorized members could gain access to the company's secure Web site. The system runs on two separate Internet connections to make sure customers have around-the-clock access. "Our perimeter security was already pretty solid," Shreve says, "But Stonesoft helped us ensure that our customers can connect to us safely."
Customers enjoy improved customer service because they can access their files any time of day and even download the data to a mobile phone to bring with them to their medical appointments. That wasn't possible before the Stonesoft deployment. "Our customer service desk is open from 9 a.m. to 5 p.m., Monday through Saturday," Shreve says. Now, more than 40 percent of the company's online traffic happens after business hours.
And allowing customers to edit their own patient records frees up customer service reps to spend more time on the important process of reviewing patient records to ensure there are no errors. "That same customer service agent is doing three times the work in the same amount of time" than they were on the phone, Shreve says.