Director of Information Systems
Tribeca Pediatrics is a general care practice in New York City, with over 40 neighborhood clinics spread across Manhattan, Brooklyn, Queens, the Bronx, Staten Island, and New Jersey. With a focus on children’s healthcare, the clinicians and staff at Tribeca Pediatrics need to communicate quickly and securely with parents while maintaining compliance with data privacy regulations like HIPAA.
With Virtru, Tribeca Pediatrics can:
For Tribeca Pediatrics, meeting HIPAA compliance is a top priority, and it’s the reason they discovered Virtru. With over 40 locations, Tribeca Pediatrics has grown substantially since it was founded in 1994. The organization needed a unified, scalable, HIPAA-compliant way to handle communications with parents and families.
“Virtru came into the picture in conjunction with our Salesforce implementation,” said Steven Schwartzberg, Director of Information Systems for Tribeca Pediatrics. His team uses Salesforce to streamline patient communications and deliver the seamless experience that patients want. “We want to make our communication as consumer-friendly as possible. The healthcare industry is moving that direction, because it’s what patients and families expect. For example, we communicate with a lot of young parents who are used to seamless experiences in other industries.”
To make sure Salesforce communications remain compliant with HIPAA, Tribeca Pediatrics needs additional security to protect PII and PHI flowing in and out of the SaaS app. Tribeca Pediatrics chose Virtru for encryption.
“We want to be 100% compliant and make sure the data we’re sending outside our network is secure,” Schwartzberg said. Virtru integrates with Salesforce behind the scenes to automatically protect certain templates that are customer-facing, so anything containing HIPAA-related information will be protected, every time. The Tribeca Pediatrics leadership team also uses Virtru for Google Workspace to protect other sensitive communications via Gmail.
For Tribeca, ease of use was the deciding factor in choosing Virtru. “To send a secure email, you just toggle the button, and it’s encrypted,” he said. “It works how it says it does.”
Tribeca Pediatrics uses Google Workspace, but it consolidates the vast majority of external data sharing into Salesforce. In fact, Tribeca Pediatrics limits external email capabilities on an as-needed basis. “It’s one of the bigger moves we’ve made from a compliance standpoint,” Schwartzberg said. “Employees are not going to get spam or phishing emails, and it helps prevent PHI from leaving the system.”
By structuring the Tribeca Pediatrics tech stack in this way, its security team mitigates risk and ensures that any sensitive information leaving the organization via Salesforce is automatically encrypted via the Virtru Data Protection Gateway.
To accomplish this, Tribeca Pediatrics uses Virtru’s server-side data protection to automatically encrypt certain types of Salesforce templates. The security team designates the templates that contain sensitive information subject to HIPAA or other compliance regulations, and if a user chooses one, it will be encrypted before it leaves the organization. This makes it effortless for staff and practitioners to protect patient records.
So, Virtru is seamless for internal users. But what about external recipients?
Because of Virtru’s simplicity, the organization is confident that external recipients will be able to easily access their private, encrypted information.
“I rarely get comments or complaints about how Virtru works,” Schwartzberg said. “I don’t need bells and whistles. I just need it to work and be as frictionless as possible, and that’s what we get with Virtru.”
While many Tribeca Pediatrics employees don’t require access to email, the executive team does. Virtru for Gmail helps them protect any sensitive information that needs to be shared with other providers, patients, or partners.
With this layered approach, Schwartzberg empowers his team with the tools they need to safeguard children’s health data. Any information shared in Salesforce is protected with server-side encryption, and emails from the executive team in Gmail are protected with client-side encryption.
“Sometimes, the team doesn’t know they’re encrypting something, and sometimes they do. We want people to have data security and compliance in their heads, and all things Virtru make it as frictionless as possible.”