Feature | Cybersecurity | August 18, 2014 | Yvonne Li

How You Should – and Should Not – Be Sharing Medical Information With Patients

A Review of HIPAA security practices to keep in mind when sharing patient data

HIPAA and cybersecurity concerns are rising over how to better secure patient records.

The healthcare industry is becoming more mobile and efficient than ever before thanks to the adoption of technologies such as electronic health records (EHR) and electronic sharing, storing and accessing of medical data. These advances have all helped to give patients a more dynamic and comprehensive healthcare experience. They have also helped empower patients to take control of their own healthcare history and information.

While this is a positive step for healthcare, the rapidly changing landscape makes privacy and security threats a greater issue. As the risk of cybersecurity data breaches increases, complying with guidelines, such as the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule and Security Rule, becomes more complicated. Penalties can range from $100 to $50,000 per violation, so healthcare providers should take every precaution to ensure the privacy and safety of shared information.

 

Outdated Channels Heighten Privacy Risks 
As more options for storing and sharing patient information emerge, others become outdated and more prone to risk, and should no longer be used by healthcare providers or patients. Although they might be convenient, channels to avoid include e-mail, CDs and other well-known online file sharing services that send information in a non-encrypted format.
 
E-mail is a ubiquitous method of communication across all industries, both for professional and personal use. E-mail makes it easy for a doctor or patient to send and share medical histories or test results. Unfortunately, too many security breaches have shown that this is not a secure means of data exchange. It cannot be guaranteed that the data is encrypted both “in flight” and “at rest.” Furthermore, the e-mail provider varies from person to person, making it difficult to keep track of the security measures in place.
 
Another common method of exchanging medical data is on CDs, which is not only unsafe, but inefficient as well. They take time to create and mail, translating into potential delays in diagnosis and overall care delivery. Postage costs and the cost of the CD itself are also a consideration. More importantly, the mail is not a secure or reliable means of transferring information, as it can be intercepted. Having private medical data fall into the wrong hands puts medical professionals and patients at serious risk. Losing or misplacing the CD is also an issue.
 
A more recent method — online and cloud-based data storage websites — is proliferating, offering heightened levels of security and privacy control. While these new channels can significantly reduce risk, it is important to understand the differences among them. For example, physicians should be particularly careful using services that are not HIPAA-compliant or certified. Under HIPAA rules, it is the responsibility of the healthcare provider to ensure the safety of patient information and guard against data breaches. These incidents can result in fines totaling thousands of dollars.
 
 
Educating Patients and Providing Safe Means for Data Exchange 
While the patient can choose to use whichever medium they want without having to worry about incurring regulatory issues, providers have an opportunity — and increasingly an obligation — to educate patients on the risks associated with non-secure methods and leaks of their private information. For instance, medical identity theft is on the rise. In a 2008 report, the U.S. Department of Health and Human Services estimated this affected 250,000 victims, based on Federal Trade Commission survey data from 2006.[1] More recently, the Ponemon Institute calculated that there were 1.84 million victims of medical identity theft in 2013. This constitutes a 21 percent increase over the previous year.[1] Additionally, leaked medical records could lead to prejudice during the employment process as well as with personal insurance rates. Even personal storage on computers and hard drives should be done with caution, as these are frequently subject to viruses designed to obtain personal information, as well as to theft and/or loss.
 
Not only can providers educate, they also can offer patients a secure service as an added value to their experience. Secure cloud-storage and exchange services that provide a fast and convenient link between patients and doctors do exist. Using HIPAA-compliant providers is the safest and most easily accessible way to exchange patient information. There are a number of services available, both free and for a cost, depending on the level of functionality and storage needed in the practice.
 
When choosing a cloud storage or data exchange provider, it is imperative to research what each service does and does not offer when it comes to security and data breach compensation. Knowing the location of your service partner’s data center and their security procedures ensures that your data is fully protected and compliant even when faced with a natural disaster or a security breach. Ask questions regarding backup and disaster recovery procedures to know the consequences in case your data is ever lost. Check for downtime procedures and the level of customer support guaranteed by the service provider. In addition, the provider should be willing to sign a business associate agreement (BAA), which reduces some provider liability for breaches on the server side. From the data exchange perspective, it is also important for providers to be able to track send and retrieve activities between patients and other doctors.
 
As the demand for quick and direct communications between doctors, or between doctors and patients, grows, it is important to remember that not all methods of file sharing are created equal. E-mail, CDs and non-secure online and cloud-based data storage websites should be avoided when transferring private and critical medical data, due to the risk of compromised privacy and additional incurred costs.
 
To ensure protection of patient privacy, research your data exchange provider to ensure their security protocols fall in line with HIPAA guidelines and reflect the needs of your patients and your practice. It is equally important to educate patients on how to utilize the same services when exchanging information to ensure compliance on both ends.
 
Editor’s note: Yvonne Li is vice president of business development for SurMD, SurDoc Corp. The company specializes in healthcare cloud security, offering a line of HIPAA-compliant products using proprietary security algorithms. For more information, visit www.surmd.com.
 
 
References: 
 
 
 
 
