Protecting Patient Data over Email
Great guide for protecting patient data over email
A lack of email data protection is the number one cause of breaches, because there are so many ways a breach can happen: human error (a simple mistake) or a deliberate data compromise. Whatever the cause, protecting patient data over email should be priority number one for your practice.
Doctors, staff, patients and business associates want to be able to talk to one another more conveniently and more directly about matters of patient care, so many practices are using mobile technology such as texting, instant messaging and email for communications like appointment or vaccination reminders. But as technology continues to charge forward at an exponential pace, all the while creating new vulnerabilities that hackers are becoming more sophisticated at penetrating, regulation just can’t keep up. The people responsible for writing the HIPAA Security Rule knew that was going to be a problem. They needed to design guidelines that would allow healthcare providers, insurance providers and business associates to do what they are required by law to do: protect the patient’s electronic health information. The HIPAA Security Rule says, “We received numerous comments expressing the view that the security standards should not be overly prescriptive because the speed with which technology is evolving could make specific requirements obsolete and might in fact deter technological progress.” So the final rule was written in a way that generalizes the standards so that various solutions can fulfill the rule. The HIPAA Security Rule does not attempt to prescribe exact technical measures, but provides a base from which to start. The onus is on the covered entity, or practice, to make sure it stays informed on technology that affects ePHI security, or to appoint someone to do so.
Because much communications data travels across non-secure channels, often referred to as weak protocols, it is susceptible to breach by simple packet sniffing: it can easily be intercepted, modified and rerouted, or simply stolen for black market sale or ransom.