As a professional in the healthcare industry, your patients’ privacy and security is always a top priority, especially in relation to HIPAA compliance. Hospitals often use HIPAA encryption and proprietary file formats in an attempt to protect patient information, but content is unsecured in many standard applications such as Microsoft Word and Excel, allowing information to slip through the cracks. By Joe Moriarty, VP of Sales and Marketing at Content Raven
HIPAA was put in place to protect patient rights, but it can only do so much. Providers need to take PHI security to the next level when transferring files electronically.
As a professional in the healthcare industry, your patients’ privacy and security is always a top priority, especially in relation to HIPAA compliance. Hospitals often use HIPAA encryption and proprietary file formats in an attempt to protect patient information, but content is unsecured in many standard applications such as Microsoft Word and Excel, allowing information to slip through the cracks.
HIPAA was put in place to protect patients’ rights by securing digital information. For the most part, it does the job. However, hospitals need to examine internal business processes and take a serious look at how data is protected on individual desktop computers, laptops and mobile devices. Despite the best of intentions and efforts, there is always a risk that must be taken into account when it comes to transporting sensitive patient files and information.
The lack of a universal electronic medical record (EMR) system is another major issue associated with patient security. Every hospital, insurance agency, doctor’s office, pharmacy, specialist, and ambulance company uses its own software and methods for keeping track of medical documents – it’s no wonder things get lost in the shuffle.
The fines associated with the improper revelation or transfer of a person’s medical files are steep, and infractions can result in lawsuits being filed against the person or organization who sent the files, not necessarily the entity who receives and subsequently loses or intentionally distributes the private information.
So how do practitioners and staff in the industry put a stop to data leaks in healthcare institutions, to protect both the providers and their patients?
The key to keeping private patient information safe lies in securing the process through which files are transferred. Think about it: every time a patient moves from an ambulance to a hospital, or from their primary physician’s office to a specialist, their medical records are transferred as well. The important question is how to properly track and secure these documents in the process?
Asking the right questions when considering which file distribution platform to use is crucial:
- Does the solution stream content through a secure cloud to avoid the saving of files on individual devices and hard drives?
- Do senders have the ability to limit the type and number of devices on which a user can view content? This helps to eliminate the issue of sharing personal login credentials.
- Does the platform seamlessly integrate into existing legacy systems in use at a facility?
- Does it allow senders to see which device content was accessed with and where, geographically, they accessed the information?
- Does it allow for remote termination of content, either on-demand or by scheduling an expiration date?
- Does the platform allow senders to see who viewed their file, video, PDF, etc. and for how long they viewed it?
- Does it allow senders to set restrictions on printing, saving and forwarding messages and attachments?
- Does it embed dynamic watermarking into all content types, including PDFs, videos, Word docs, and more, to prevent screenshot workarounds?
In the age of digital file sharing, healthcare professionals must be extra vigilant in using file sharing solutions that take into account all of the above factors in order to protect their patients as well as their facilities from the repercussions of a data breach. Do the necessary research and find a solution that offers in-depth tracking analytics and advanced sharing and restriction options to make patient file leaks a thing of the past.
About the author
Joe Moriarty joined Content Raven in May 2011 as VP of Global Sales and Marketing.