With Facebook hearings, and privacy changes across the board, data privacy and security has been at the top of everybody’s mind in recent months. In exchange for the convenience of information being readily accessible people are more willing share sensitive data when they assume it is being kept safe.
In order to participate in the digital environment, most people have accepted that they have to share personal information through email and website forms. In exchange, they can enjoy many conveniences and enhanced service experiences. In return for consumers’ willingness to share their data, it’s expected that organizations have a corresponding obligation to handle that data with the utmost discretion.
The perks and pitfalls of healthcare’s digital transformation
Healthcare is a prime example of an industry in which the digital revolution has produced radical changes in the customer experience. Rather than fill out a stack of paperwork upon entering a doctor’s office or hospital, patients can fill out those forms online through their computer or even their mobile device. This saves time, increases accessibility, and improves the overall experience.
In addition, healthcare service portals offer access to medical results and records. For such enhanced experiences, most patients are willing to share their information.
Yet thanks to hackers, not everything has gone to plan. In fact, healthcare data breaches are on the rise, with numerous attacks already reported in 2018. For example, a phishing email duped a Florida Medicaid employee, with the result that the personal health information of more than 30,000 patients was put at risk. In 2017, the HHS Breach Notification Database reported there were 125 hacking and/or IT-related incidents that affected the PHI of 500 or more people.
Indeed, IT leaders in all industries are painfully aware of the data security threat. For example, a Ponemon Institute survey found that nearly 70 percent of chief information security officers believe their organization will be a victim of a cyberattack or data breach this year. According to David Wagner, president and CEO of Zix Corporation, a leader in email data protection, “If companies want to make 2018 any different from 2017, they need to be realistic about and prepared for this dynamic threat landscape. Too often, insufficient cybersecurity solutions are put in place because organizations either believe that cybersecurity is too obstructive to their operations or because they rely on users to follow cybersecurity protocols. Instead, organizations should focus on practices that are both easy to implement and easy to use.”
The emergence of healthcare data encryption and email encryption technology
The ongoing cybersecurity risk calls for more solutions related to healthcare data encryption, antivirus tools and data leak prevention. This includes data in motion (information being sent from one individual or device to another through direct message or email) and data at rest (stored information). Both types of healthcare data are vulnerable. Needless to say, it’s vitally important to secure PHI included in emails, such as medical diagnoses and surgery descriptions and results.
Thankfully, email encryption technology provides additional layers that make it difficult for a hacker to gain access to healthcare data. For example, new gateways use proven filters to automatically scan incoming emails and attachments. This protects sensitive data by delivering it to recipients in a secure way after removing any potentially malicious content.
In addition, there are email tools have end-to-end encryption that only requires a single click to complete. These email encryption solutions integrate with on-site or Web-based email systems to use existing email addresses. Plug-ins allow integration with other applications, such as Microsoft Outlook. Should a potential security issue arise, quarantine software can block an email and remove it from the network. This way, no employee can inadvertently open it and cause a breach.
Finally, with the advent of remote workers, including scheduling and billing staff and data entry personnel handling medical information, it’s important to have an email encryption solution that accounts for data moving outside of a secure network and onto multiple mobile devices. Such email encryption solutions provide a way to control access to all this data, including emails, contacts and calendars.
More investment needed
Despite the ongoing data security threat and the range of new healthcare data encryption and email encryption solutions, only half of IT professionals in US healthcare organizations are investing in healthcare data encryption to guard sensitive information, according to a recent Infoblox survey.
HIPAA does not require encryption of PHI, even though it can greatly reduce the risk of healthcare industry data breaches. While healthcare organizations have been investing in security measures, they need to do more to demonstrate that they are truly concerned about data breaches.
Stop spending time on viruses and spam. Learn how to upgrade you email security game.