Open Menu Close Menu

Creighton University: Researchers Comply with HIPAA Using PKZIP

Creighton University is consistently recognized as one of the top private universities in the country for medicine, pharmacy, physical therapy, occupational therapy, dentistry, and nursing. In addition to teaching, research is an important aspect of the school's programs. Faculty members and graduate students conduct research in many areas, including ethics, clinical drug studies, innovative educational techniques, among others.

HIPAA Implications
As part of their ongoing research, professors, doctors, graduate students, and others exchange a wide range of confidential patient data. To maintain the integrity and privacy of such data, the U.S. Government introduced the Health Insurance Portability and Accountability Act (HIPAA) in 1996 and established April 2003 as the deadline for compliance. In 1999, Creighton set up a working group to look at the implications of HIPAA as it related to its medical centers. In 2002, the school began to consider the ramifications of HIPAA on its research efforts.

"We knew that the time was drawing near when we would have to have a standard HIPAA procedure in place to adequately protect subject identifiers from improper use and disclosure," says Dr. Phillip Vuchetich, assistant professor of Pharmacy Sciences.

Meeting Requirements
The university was already using PKZIP to compress large files, so it was familiar with the product and its capabilities. However, the school wanted to determine if the newest version of PKZIP, which provided strong encryption, could meet the tough security and privacy standards set forth by HIPAA. Alternative solutions Creighton could have implemented included S/MIME and PGP, however, these methods would have required greater investment, are more complex, and raise interoperability issues.

Because PKZIP integrates with both PKI and non-PKI environments, the cost was much less for deploying internally as a security solution as well as for interoperating with external recipients.

"Our goal was to assess PKZIP's capabilities with regard to protecting health-related data as well as the integrity of our research," says Dr. Vuchetich.

To determine if PKZIP could meet HIPAA requirements, Dr. Vuchetich, along with Dr. Vasant Raval, chair of the department of Accounting in the College of Business Administration, launched a formal PKZIP study in June 2002. The researchers implemented PKZIP in a Microsoft Windows environment made up of more than 110 researchers, and then began testing in two browser environments, Microsoft Internet Explorer and Netscape Navigator.

"The implementation of PKZIP was swift and relatively easy," explains Dr. Raval. "We found the product performed data encryption well, and integrated smoothly with externally supplied digital certificates. Plus, once we equipped a few users, PKZIP scaled quickly and easily to our remaining researchers."

Seamless Integration
Today, more than 300 researchers associated with the Creighton University Medical Center rely on PKZIP to exchange confidential patient data and other research-related information. By relying on PKZIP's seamless e-mail integration with Microsoft Outlook, researchers now have an easy-to-use solution for sending e-mail attachments compactly and securely.

Phillip J. Vuchetich, Ph.D. (philv@creighton. edu), is assistant professor of Pharmacy Sciences, and Vasant Raval, Ph.D. (vraval@, is professor and chair, Accounting, both at Creighton University.

comments powered by Disqus