Posts

How to send a HIPAA compliant email

These days, it would be unthinkable to operate any kind of business without email or other forms of electronic communication. And it’s a pretty standard practice among businesses of all sizes to at least be aware of security issues such as phishing, address spoofing, viruses, and spyware. For businesses that deal with protected health information (PHI) however, there is an added layer of security required.

We’re talking about the Health Insurance Portability and Accountability Act, most commonly known as HIPAA. HIPAA sets the standard for protecting sensitive data. All businesses dealing with PHI are required to make sure that physical, network, and administrative security measures are in place and kept in compliance.

Included in these considerations is handling HIPAA compliant email.

What’s involved?

HIPAA requires that PHI is secure both when it’s being sent and when it’s not. The email must be protected by levels of unique usernames and passwords for PCs and servers, and secure encryption procedures each time the information is sent or received.

This means that it’s not recommended to use common, free internet-based email services. If you do use an internet-based email service, you must have a signed Business Associate Agreement (BAA) which confirms that administrative, physical, and technical safeguards are being maintained. The BAA will generally cover the host server responsibility, but you’re still required to protect every other part of the email or transmission chain.

Encryption, particularly for stored files, is also your responsibility. There are many options available for encrypting data on your own computers, and failure to take steps to use encryption could result in heavy fines.

How to keep email secure

What to consider when setting up secure email procedures

  • Many email servers will encrypt emails from sender to recipient. If the recipient is not a client of that server, they are given the option to securely connect to the server in order to receive the email.
  • Patient portals allow for secure storage of PHI and other communications. An email is sent to the recipient informing them of an incoming message. They can then log in and securely receive the message.
  • When setting up your own email accounts, use strong password protections and possible 2-factor authentication.
  • While email disclaimers and confidentiality statements aren’t a guaranteed protection for you, said disclaimers should clearly state that the information sent is considered PHI and should be treated as such. This is not a replacement for encryption or other security measures.

What about the patients?

HIPAA realizes that you have no control over the email clients and security patients may use. The regulation states that as long as you’re using secure email and encryption on your end, you are not responsible for what happens on the patient’s end of things. Well… there are a few conditions:

  • You must have a fully secure, alternate option for patients to receive information (such as a patient portal).
  • You must inform patients that their personal email clients may not be secured. If they still want the information, it’s all right to send it.
  • You must document the above conditions.

Protecting different types of emails

Not all emails are sent from a provider’s office to a patient. Emails sent between doctors located in different locations, and not sharing a secured network or email server must also use encryption. Likewise, doctors who email PHI from their home computers to their work accounts must use encryption to avoid HIPAA violation. While in-office emails using the same secured email server don’t have to worry about additional encryption, remote access situations must follow encryption procedures.

In conclusion

Don’t become overwhelmed by the many requirements for sending a HIPAA compliant email. Consider working with a managed IT services provider experienced in HIPAA compliance and technology.

Healthcare-Specific Security Threats You Need to Avoid in 2019

The healthcare sector experiences twice as many cyberattacks as any other industry. Still, healthcare professionals invest less than 6% of their budgets in cybersecurity.

What gives?

If you are a medical professional, now’s as good a time as any to beef up your security efforts. As a result, you can safeguard patient data and prevent hackers from stealing sensitive information. Here are some healthcare security threats to look out for in 2019.

Phishing attacks

Phishing attacks are becoming a bigger concern in healthcare. This type of security threats starts when a healthcare clicks on an infected email. Once this malware infiltrates a computer system, it can access valuable files and folders.

“The attacker can then use this software to gain access to the healthcare organization’s financial, administrative and clinical information systems,” says Tech Crunch.

Phishing attacks can have a detrimental impact on a hospital or medical practice. Malware often renders computer systems unusable, which has a significant impact on patient safety. In this scenario, doctors and nurses are unable to access important records. In turn, this can put organizations in big trouble in terms of compliance and liability lawsuits. And, in rare cases, it can even put patients’ lives at risk.

These type of attacks greatly increase the chances of hackers stealing valuable data.

Old legacy systems and networks

Old computers and networks could increase security vulnerabilities. As you may expect, Legacy systems may not function as efficiently as newer ones, and they often lack the latest security patches and updates.

“Healthcare is vulnerable due to historic lack of investment in cybersecurity, vulnerabilities in existing technology and staff behavior,” says Science Direct.

Even if medical organizations lack the money to invest in brand new technology, they should take steps to improve their network security. Installing the latest security software and a firewall, for example, and getting rid of old programs could prevent data from being stolen, increase compliance and increase patient trust.

Staff misuse

Insider misuse makes up 15% of all security breach incidents. Usually, this involves medical employees gaining unauthorized access to sensitive data and sharing it with other people.

“Surprisingly, the reason insider misuse stands out in the healthcare industry is because of the amount of people who get jobs in the industry for the sole purpose of infiltrating the system and gaining access to patient health information,” says the University of Illinois at Chicago.

Encrypting valuable data and setting up access controls — where only certain members of staff can access information. This could help to reduce this problem.

Ransomware

Ransomware is one of the biggest security threats in healthcare right now. In May 2017, a ransomware attack called WannaCry targeted computers running the Microsoft Windows operating system and had an impact on Britain’s National Health Service — the biggest single-payer healthcare system in the world.

A similar ransomware attack on your organization could spell disaster. Once ransomware infects your computer, you will probably be unable to access files and patient records unless you pay cybercriminals a ransom.

These are just some of the security threats you need to avoid if you work in the healthcare sector. However, working with a professional who takes care of your security defense needs will reduce phishing attacks, ransomware, staff misuse and old legacy systems from malfunctioning.

3 healthcare technologies that will revolutionize the patient experience

Technology has a long history of improving the way healthcare organizations treat their patients. And that will continue to be true in new and innovative ways as technologies outside the medical industry are adapted to improve the patient experience.

Here are 3 examples of healthcare technology that will continue to revolutionize the patient experience in the future.

Mobile apps for preventative care

There’s an app for that. We’re all familiar with this saying, and it’s true even in healthcare.

One of the biggest developments on the rise is fitness apps and the wearable technology they interact with. More and more apps are interacting with and measuring the health of the patients who use them. This process keeps people living healthier and spending less time in the waiting room at the doctor’s office.

Apps also help patients communicate better with their primary healthcare physician without breaking HIPAA compliance. They can even allow patients to keep better track of their own symptoms and manage things like blood sugar or sleep schedules.

The interaction between these apps and the sensors they use to monitor health brings up our next technology: the Internet of Things (IoT).

Related: 3 steps to HIPAA security rule compliance for your business 

The Internet of Things for better data

The IoT is all about sensors and connectivity. And when it comes to healthcare technology, the applications for medical devices are seemingly endless, from streamlining testing procedures to improving the way critical patients are monitored.

As the future plays out, IoT technology will also enable better first responder coordination and faster health data communication when critical patients are en route to the hospital.

And imagine how much more in-depth that information will become with the rise of IoT smart pills that will monitor patient health from the inside. Before long, sensors could be detecting cancer and treating internal injuries.

Monitoring at every level of healthcare will change for the better as the IoT continues to make inroads into healthcare.

Related: Starter devices for the Internet of Things 

Artificial Intelligence for patient scheduling and monitoring

And since we’re already talking about the IoT and patient data collection, we need to discuss the role of artificial intelligence (AI) in healthcare technology. Though still in its infancy, AI will soon have the power to digest information and suggest appropriate actions based on the data IoT sensors collect.

This will cut down on staffing difficulties and allow nurses to better monitor their patients.

AI already has a big impact on the patient experience now. Chatbots help clinicians schedule appointments with patients. Programs monitor patient symptoms so human nurses can be more prepared for checkups and other visits. Algorithms help patients search their own symptoms online.

As AI and machine learning continue to develop, all of these features will become even more effective and helpful.

Healthcare technology will bring much more in the future

Though healthcare technology is already revolutionizing the patient experience, it will do so much more in the years to come.

For example, technologies like blockchain are just beginning to make their way into healthcare. These technologies promise to reconfigure the entire experience for both staff and patients.

And you might have noted how each of the three technologies we mentioned above feed into each other. Where this kind of collaboration and incorporation will lead is really anyone’s guess. But you can bet it will change the way doctors and patients interact in amazing ways!

Related: Medical ransomware attacks on the rise