Scottsdale, Arizona (PRWEB) January 15, 2013
Health information data breaches are increasing in number and magnitude. So are the lawsuits and penalties. Patient health information is particularly compromised when transmitted via email, SMS, forums, social media or mobile devices. HIPAA prohibits unsecure transmission of patient information over the internet and mobile devices. However, many healthcare organizations simply have no control over how their staff sends and receives patient data. Many more have no access to a secure platform that facilitates online and mobile communication and transmission of PHI among healthcare providers and HIPAA vendors.
Baniameri explains that every email with confidential information that is fired from exchange servers leaves a large footprint. Hackers can find copies of these emails on laptops or mobile devices, the exchange server, the recipients' exchange servers, the recipients' laptops or mobile devices--not to mention all those whom the messages were forwarded to.
According to Baniameri, there is a great deal of confusion among healthcare providers when it comes to secure email and mobile messaging apps. Even some CIOs of the larger healthcare organizations or HIPAA entities are lost when it comes to HIPAA laws on secure transmission of PHI. The major misconception is encryption. Many think that a simple encryption of messages and documents makes the transmission of data HIPAA compliant. That’s not correct. Transmission of encrypted data is only a small part of HIPAA compliancy when it comes to secure email and mobile messaging. HIPAA compliant messaging solutions must satisfy a number of requirements. All data must be kept in a secure and HIPAA compliant data center. The security of data is directly related to the way the server infrastructure is built. The infrastructure must be built in a way that it is nearly impossible to access data from outside of the production environment. The data must be invisible to those who support the systems. The data or traces of data should never reside on support staff’s devices. The encryption must be at least 128-bit, preferably 256-bit or higher. Access to the messaging solution must only be possible by tight user authentication. All user information must be accurate and extensive. The system must have strong auditing capability. All activity on the platform must be logged and monitored for possible breaches of security. The system must have auto time-out capabilities. And additionally, the system must have business intelligence capabilities for data mining and quick access to important information.
Baniameri further explains that a capable secure email system must leave small footprint while delivering messages and documents to recipients. Confidential information, whether encrypted our not, should never reside on devices or the company exchange servers. Confidential emails and documents should be sent, received, archived and accessed on the exact same ecosystem. With approach like that, healthcare organizations and HIPAA entities will not have to worry about calling large number of patients to explain how their information might be compromised because employee’s laptop or mobile device was stolen or lost.
Baniameri suggests that before making investment in secure email and mobile messaging solution, organizations must consider all the facts and ask the hard questions. HIPAA IT vendors must understand HIPAA requirements and provide customers tools to protect themselves and patients against possible mishandling of important patient information.
Here are some important questions that healthcare organizations must be asking from the vendors:
1. Where exactly will messages and documents reside?
2. Explain the data center setup
3. Explain the data security infrastructure
4. What kind of encryption is used?
5. What kind of auditing capabilities are provided?
6. Explain system redundancy and availability strategy?
7. Provide HIPAA compliancy documentations
8. Explain how customers are protected against mishandling of data by recipients of messages
9. How much experience does the vendor have in developing solutions for healthcare?
About Health BI
Health BI is the leading developer of care coordination, patient engagement, care transition and secure messaging solutions for Population Health Management market. Headquartered in Scottsdale, Arizona, Health BI was created by a team of Health IT leaders and physicians to fill the need for tools that enable healthcare providers and payers to reduce costs and penalties by automating care coordination, care transition and patient engagement.