They understand how sensitive this information is and how disastrous it would be if their files became public or fell into the wrong hands. However, while health information technology provides great benefits for medical professionals and patients, it poses risks for consumer privacy.
HIPAA formalizes the requirement to protect patient information, whether it is being maintained in an electronic health records system (EHR), stored on a mobile device or transmitted via email to another physician. In fact, the Department of Health and Human Services (HHS) is poised to increase HIPAA audits to make sure medical practices and their business associates have taken measures to protect patients’ health information.
Risks of electronic conveniences
While mobile computing and cloud-based file-sharing sites allow psychologists to take notes on a tablet, annotate those notes on a laptop and share them with a physician who views them on his desktop, this free flow of information can complicate security and HIPAA compliance.
Most popular file-sharing services now sign Business Associate Agreements and help safeguard information in accordance with HIPAA, such as by encrypting documents while they’re stored in the cloud. However, if you need to sync those documents to devices, you need to protect them at the file level. Email, which isn’t as versatile or useful as these services, also isn’t compliant for use with protected health information (PHI) unless the files are encrypted.
Small practices use these online services and email even if they’re aware of the risks because they don’t have time to research a compliant solution. Or else they resort to faxing or even snail-mailing documents to each other, completely losing out on the productivity boost that the cloud can help provide.
The good news is there are ways to make the cloud compliant with HIPAA. A number of tools exist to help psychologists seamlessly integrate the encryption necessary to keep their clients’ records safe and meet HIPAA security requirements. Here’s a look at three different options.
One option is to invest in a dedicated software product specially designed to encrypt documents shared through cloud-based services. This kind of software creates a compliance “shield” around files stored in a file-sharing service, converting files into HIPAA safe havens. The files are encrypted even when they’re synced to new devices or shared with other users, meaning they’re protected no matter where they reside.
Sookasa encrypts files shared and stored in Dropbox and Google Drive. It also provides Data Loss Prevention features that scan team accounts for PHI, including medical record numbers, and it audits and controls access to those files, meaning patient data can be secured even if a device is lost or stolen. Sookasa users can also share files via email with added encryption and authentication to make sure only the authorized receiver gets the documents.
Regular text messages on your phone aren’t compliant with HIPAA, but TigerText replicates the texting experience in a secure way. Instead of being stored on your phone, messages sent through TigerText are stored on the company’s servers. Messages sent through the application can’t be saved, copied or forwarded to other recipients.
TigerText messages are also deleted, either after a set time period or after they’ve been read. Because messages aren’t stored on the phones themselves, a lost or stolen phone won’t result in a data breach (and a HIPAA violation).
Secure text messaging won’t help psychologists store and manage large numbers of patient files, but it’s a must-have if they use texting to communicate about patient care.
DataMotion provides healthcare organizations and other enterprises with email encryption services. Using a decryption key, authorized users can open and read the encrypted emails, which are compliant with HIPAA.
DataMotion’s SecureMail provides detailed tracking and logging of emails, which is necessary for auditing purposes. Also, the product works on mobile devices.
There are many options for storing and sharing information securely through the cloud, so psychologists no longer have to rely on the burdensome methods of faxing or sending patient documents via proprietary networks. But with cyber threats on the rise, cloud security and BYOD (Bring Your Own Device) practices must include HIPAA compliance.
Asaf Cidon is CEO and co-founder of Sookasa. He founded Sookasa to allow businesses to control their data securely via the cloud with a product that encrypts, audits and controls access to files stored on Dropbox and Google Drive and complies with HIPAA and other government agency regulations. He may be reached through email@example.com.