Medical professionals need ways to share files with one another. The problem is that popular file sharing sites like Dropbox and email don’t measure up to health care provider’s security and HIPAA compliance needs.
The issue has left health systems looking for solutions. But in a bring-your-own-device world in which employees are finding their own ways to access and share data, options can be limited.
A recent survey of businesses representing several industries conducted by IntraLinks, Inc. highlighted the problem. Results showed that 92% of businesses are concerned about employees sharing information outside of locally hosted systems. Additionally, 63% said a secure, public cloud storage system is one of their top needs.
While the results are not specific to health care, they do track closely to things information and security professionals in the industry talk about as primary concerns. Moving data is complicated, particularly when you’re dealing with federally mandated privacy and security requirements. Consumer-grade technology is often not up to snuff.
Health care providers continue to struggle finding tools that will allow physicians to transfer files securely without burdening the user with safeguards that get in the way. At the Privacy and Security Forum, held in Boston in December 2012, Partners HealthCare’s chief information security and privacy officer Jennings Aske said his organization recently tried to find a replacement for Dropbox that would meet health care security standards, namely one that would encrypt stored data. However, after identifying a vendor that offered secure file-sharing services, the vendor declined to sign a business associate agreement. Partners hadn’t found a replacement solution at the time of Aske’s comments because, as he said, too many cloud vendors that offer this kind of storage and file sharing are not transparent enough about their security practices.
But just because there are no obvious solutions doesn’t mean providers can take a pass. Doctors are going to share files, whether they have secure options or not. And with the Office for Civil Rights stepping up HIPAA enforcement, allowing doctors to continue using unsecure methods could be a costly mistake.