This is not your father’s email
Just 10 short years ago, security in email wasn’t even something that was discussed among medical practices. Why? Well, having an email breach or an attack from outside was something that just didn’t happen very often. If it did, it only affected “big companies”. Heck, just having email at your practice back then was a huge step. A lot has changed since then.
Everything is done with technology, from commerce to communications almost all business is done over the internet.
The problem is the internet is just as susceptible to crime as anything else. In many cases, more so. Now you are hearing words like risk and MACRA and Meaningful use and audits. Let’s forget about all that for a minute. All of that is enough to make your head spin.
You might ask yourself…Will email breaches or email security really affect me? The answer is yes, they can and will. Criminals do not discriminate. They will attack anyone and any business. Famous politicians aren’t the only ones with email problems. Think about how it will affect you.
Email threats can come in two ways:
How many emails are you sending today? Who are you sending them to? What info do these emails contain? These are all the questions you want to ask yourself when evaluating your outbound email security.
In most cases your practice is sending many emails each day. After all, email is the main communication method for the overwhelming majority of businesses, especially medical practices.
Your practice is also very likely sending email and information outside the organization. Do you have a billing company you work with? How about a clearinghouse? Other practices or physicians?
The most important question is about what information is being sent. Sure, there is the obvious…Things like demographic information for for patients. Social security numbers, etc. How about health info too? Notes, insurance info, labs, x-rays. They all constitute PHI and therefore need to be secured.
How do you know what needs to be protected? What exactly is included in the definition of PHI and ePHI? Truth is, the definition is so wide that many things are considered ePHI. Like we have discussed in previous videos and emails health information is 10 times more valuable to thieves then credit card information. Because of this Health and human services has mandated that each practice sending email must also have outbound security.
What is secure mail? It is a layer of encryption on top of what you’re sending. Instead of sending your email in the clear for anyone to read and use against your patients and practice the email is jumbled in a way that no one but the recipient can read. It is safe, secure and meets the needs of the government.
But that’s not the only thing to think about. What about the emails coming into your practice?
How can they affect you? It’s true most emails are completely benign in nature. How often do spam messages get through to your email? Or different scams wanting your money, or worse yet, malware and viruses. We could spend hours talking about the various threats that come via email. In fact, we have in past videos. The truth is cyber crime with email is everywhere. Your practice is and will be targeted.
How do you protect inbound threats?
Anti virus/Anti Malware scanning – All email attachments should be scanned when coming in and blocked should they contain viruses
Threat protection – this is a scan and tested execution of both URLs (websites) and attachments you receive in email. The website links and attachments get executed in a test environment and delivered if they are safe.
These two major protections, when put together can solve your email security issues. There are a several vendors out there to choose from. Pay attention to the features they offer and what email systems they might interface with. Some providers offer cloud solutions, others hook up to your current email system.
Some companies will only offer inbound or outbound protection. Some do both.
The truth is, there are a lot of options, something for every practice and person. It’s not important who does your security, but rather, that it is being done for your practice. Don’t brush this under the rug. Security is a major issue for medical practices. Please give it the attention it needs. Thank you for your time today.
Stay tuned for more updates coming soon. And if you want to check out more about Kypher please check out our website, kypher.com