Posted by: Jenny Laurello
data encryption, Data privacy, Data security, EHR, EHR security, EHRs, Encryption, HIPAA, Meaningful use, MU, Patient portals
One of the most startling statistics in DataMotion's recent survey is that nearly one in three respondents believe their organization takes risks because it lacks the resources to be fully compliant. More than 200 IT and business decision makers were surveyed about corporate email and file transfer habits. Respondents came from a range of industries that routinely handle sensitive data; nearly 40% were in the health care and/or pharmaceutical field.
Health care still has a long way to go in developing secure and compliant data delivery strategies, although meaningful use stage 2 and the Direct Project have pushed things forward. Securing the sensitive information carried in email, file attachments and electronic forms is critical to prevent data leakage, meet compliance requirements and demonstrate a commitment to protecting patient data. Secure data delivery is a reachable goal given the right data protection strategy, backed by staff education and awareness.
Let’s take a closer look at four major reasons health care organizations still struggle with security and compliance issues, as well as best practices to overcome these challenges:
Underestimating the Cost of a Breach
Some organizations mistakenly believe that suffering a data breach is cheaper than implementing security controls and staying compliant. In reality, the cost of a breach usually far exceeds any compliance fine. Investigation and legal fees, reputational damage, lost customers and reduced revenue all push the cost of a breach well beyond that of a data protection solution. Today's encryption services are affordable, intuitive and do not require users to change how they work: the service manages the keys, so users have none to exchange, and messages can even be decrypted on delivery so the recipient reads them as ordinary mail. Note the trade-off in that last option: it protects the message in transit, not at rest in the recipient's mailbox, so the receiving organization's mailbox security still matters. Payment options have also expanded, with many cloud services offering transaction-based pricing that small organizations can afford.
Lack of Employee Understanding
Only 42.9% of survey respondents in the health care/pharmaceutical field believe employees fully understand their organization's security and compliance policies for transferring files electronically. Educating employees on existing data delivery policies and tools, describing them in plain language, and communicating changes as they happen are all important practices for keeping staff up to date and on board with company rules.
Routine Policy Violations
A majority (81%) of respondents also believe employees violate security and compliance policies for transferring files electronically, whether routinely or occasionally. Policies that get in the way of day-to-day work are one likely cause; another is that many employees do not understand the policies in the first place. For example, if the process for sending electronic health records, images and other bandwidth-intensive data is slow and complicated, health care workers may fall back on insecure workarounds such as consumer-grade, cloud-based file sharing tools. Employees are far more likely to use the sanctioned tools if those tools are intuitive, efficient and get the job done in a familiar way.
Lack of Basic Tools
More than one-third of survey respondents say they have no ability to encrypt email, and more than 25% say their organization does not monitor the content of outbound email and file attachments for compliance purposes. These numbers point to a major security and compliance hole in health care organizations. Strong corporate policies are important, but they are only half of the battle; without tooling that enforces them, they depend entirely on each user doing the right thing every time.
Look for a solution with an intuitive, easy-to-use interface for IT, users and recipients. Make sure the tool can handle multiple kinds of data, including email, electronic files and forms. Also make sure it centrally tracks and reports on every exchange, and that it includes content filtering for all outbound email. Gateway-side content filtering acts as a safety net beneath any user-initiated desktop encryption: every outbound message is scanned for sensitive information, so a message a user forgot to encrypt is caught and encrypted (or held) before it leaves the organization.
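To make the "safety net" concrete, here is an added example of the outbound content filter such a gateway runs. It is illustration written for this article, not DataMotion's code, and the PHI patterns, the internal domain list, the bulk threshold and the two sample messages are all assumptions constructed for the demo. It parses an outbound RFC 5322 message, scans the subject, text parts and text attachments for patterns that commonly indicate protected health information, treats attachments it cannot inspect as sensitive (fail closed), skips messages the user already S/MIME-encrypted, and returns a routing decision for the gateway: deliver, encrypt or quarantine.

```python
"""Outbound email content filter: a simplified DLP policy hook for a mail gateway.

Added example for this article (not DataMotion's code). Patterns, domains,
thresholds and sample messages are assumptions constructed for illustration.
"""
import re
from email import policy
from email.parser import BytesParser
from email.utils import getaddresses

# Assumption: the organization's own mail domains; anything else is "outside".
INTERNAL_DOMAINS = {"clinic.example"}
# Assumption: this many PHI hits in one message looks like a bulk export and
# deserves human review rather than automatic encryption.
BULK_THRESHOLD = 25

# Illustrative PHI indicators. The SSN pattern rejects area numbers 000, 666
# and 900-999, group 00 and serial 0000, which are never issued.
PATTERNS = {
    "ssn": re.compile(r"\b(?!000|666|9\d{2})\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b"),
    "mrn": re.compile(r"\bMRN[:\s#]*\d{6,10}\b", re.IGNORECASE),
    "dob": re.compile(r"\b(?:DOB|date of birth)[:\s]*\d{1,2}/\d{1,2}/\d{2,4}\b", re.IGNORECASE),
}


def parse(raw_bytes):
    """Parse a raw message with the modern email policy (header objects, get_content)."""
    return BytesParser(policy=policy.default).parsebytes(raw_bytes)


def iter_parts(msg):
    """Yield (label, text) for each leaf part; text is None for parts we cannot inspect."""
    yield ("subject", str(msg.get("Subject", "")))
    for part in msg.walk():
        if part.is_multipart():
            continue
        label = part.get_filename() or part.get_content_type()
        if part.get_content_maintype() == "text":
            try:
                yield (label, part.get_content())  # decoded str for text/* parts
            except (LookupError, UnicodeDecodeError):
                yield (label, None)  # unknown charset: treat as opaque
        else:
            yield (label, None)  # binary attachment (PDF, image, zip): opaque


def scan_message(msg):
    """Return ({pattern_name: hit_count}, [labels of opaque parts])."""
    findings, opaque = {}, []
    for label, text in iter_parts(msg):
        if text is None:
            opaque.append(label)
            continue
        for name, rx in PATTERNS.items():
            hits = len(rx.findall(text))
            if hits:
                findings[name] = findings.get(name, 0) + hits
    return findings, opaque


def external_recipients(msg, internal_domains=INTERNAL_DOMAINS):
    """Addresses in To/Cc/Bcc whose domain is not one of ours."""
    headers = msg.get_all("To", []) + msg.get_all("Cc", []) + msg.get_all("Bcc", [])
    addrs = getaddresses([str(h) for h in headers])
    return [a for _, a in addrs if a.rsplit("@", 1)[-1].lower() not in internal_domains]


def already_encrypted(msg):
    """S/MIME enveloped mail and PGP/MIME reach the gateway with these top-level types."""
    return msg.get_content_type() in ("application/pkcs7-mime", "multipart/encrypted")


def decide(msg, bulk_threshold=BULK_THRESHOLD):
    """Return (decision, findings, opaque) where decision is deliver/encrypt/quarantine."""
    if already_encrypted(msg):
        return "deliver", {}, []  # user encrypted it; nothing to inspect
    findings, opaque = scan_message(msg)
    if not external_recipients(msg):
        return "deliver", findings, opaque  # stays inside; findings still get logged
    if sum(findings.values()) >= bulk_threshold:
        return "quarantine", findings, opaque  # bulk PHI leaving: hold for review
    if findings or opaque:
        return "encrypt", findings, opaque  # PHI found, or attachment unverifiable
    return "deliver", findings, opaque


def filter_raw(raw_bytes):
    """Convenience entry point for a gateway handing over the raw message bytes."""
    return decide(parse(raw_bytes))


# Constructed sample: a referral to an outside lab with PHI in the body and a CSV export.
SAMPLE_OUTBOUND = b"""\
From: nurse@clinic.example
To: billing@partner-lab.example
Subject: Referral for patient
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain; charset="utf-8"

Referral attached. DOB: 04/12/1961, MRN: 00483921.
--b1
Content-Type: text/csv; name="export.csv"
Content-Disposition: attachment; filename="export.csv"

name,ssn
A. Patient,123-45-6789
B. Patient,234-56-7890
--b1--
"""

# Constructed sample: routine internal mail with nothing sensitive.
SAMPLE_INTERNAL = b"""\
From: nurse@clinic.example
To: scheduler@clinic.example
Subject: Room change for tomorrow

Clinic B moves to room 204 tomorrow morning.
"""

if __name__ == "__main__":
    for raw in (SAMPLE_OUTBOUND, SAMPLE_INTERNAL):
        decision, findings, opaque = filter_raw(raw)
        print(decision, findings, opaque)
```

The design point is that the gateway decides, not the sender: the referral above is forced through encryption even though the nurse sent it as plain mail, and a PDF or image attachment the filter cannot read is encrypted rather than waved through. In production the regex list would be replaced by the vendor's classifiers and the decision would feed the tracking and reporting the article asks for, but the control flow (skip already-encrypted mail, scan everything readable, fail closed on what is not) is the same.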
Now is the time for health care organizations to step back, review their data delivery strategy, and coordinate with their IT infrastructure, EHR, patient portal and clinical system vendors as meaningful use stage 2 and the Direct Project get underway. Employee education, strong corporate policies and efficient, easy-to-use tools are the recipe for security and compliance success. With those in place, health care providers and their staff can focus on patient care rather than on security nightmares and compliance woes.
Bob Janacek is the CTO and founder of DataMotion, an established cloud-based secure data delivery provider. Millions of users worldwide rely on DataMotion to transparently improve business processes and reduce costs, while mitigating security and compliance risk. The company’s core DataMotion Platform provides Direct Project HISP (Health ISP) services as specified in meaningful use stage 2. DataMotion’s easy-to-use solutions for Direct exchange, corporate secure email, file transfer, forms processing and customer contact leverage the Platform to provide a consistent approach to a wide range of data delivery needs.