Nextech is committed to protecting our customers both within our health care technology systems and through our communication channels. We recommend that our customers and all health care providers keep all systems updated with the latest security patches and perform annual security assessments. The Department of Health and Human Services offers an easy-to-use assessment tool to evaluate the security of your systems, data, policies and procedures.
Part of Nextech’s commitment to securing communications with health care providers is the use of secure channels to exchange sensitive information, including Microsoft Exchange email, OneDrive and SharePoint. With broadcast email encryption, malware detection and data-loss-prevention features, we can assure customers that their data is protected when they communicate with our team on support, development or usage topics.
Rather than using protected in-system communications, vendor-support or patient portals, physicians or staff may elect to use email when communicating with patients, IT vendors, partners, payers or other practices. Email itself is not bad; it is a quick means of communication. But using an email platform that does not meet the HIPAA security requirements for health care can leave the provider susceptible to cyber attacks, including phishing, malware, man-in-the-middle attacks and ransomware.
Health care professionals understand the importance of HIPAA and trust health IT vendors to protect their data, but some providers and their staff may not realize how vulnerable they are within their practices through the seemingly innocuous use of email.
HIPAA was designed to protect the privacy of patients’ medical information, but it also outlines the safeguards that health care organizations should have in place to protect their systems from compromise. When organizations do not have these safeguards in place, they are at risk of a data breach, such as the recent breach at Equifax that impacted over 143 million individuals. With nine reported HIPAA settlements in 2017 totaling more than $17 million, violations can be costly.
Identifying Email Platforms at Risk
When selecting communication platforms, it is very important to note the application’s ability to comply with HIPAA security standards and safeguards. Several popular email applications, such as Gmail, are not HIPAA-compliant and are not recommended for use in a health care environment. Other email services, such as Yahoo, AOL or Hotmail, fall into the same at-risk category and should be avoided when communicating and sharing confidential information.
When medical practices receive emails from patients or business associates that contain data or documents with protected health information, it is important to know that the sender is using a HIPAA-compliant platform, such as Microsoft Office 365.
How to Protect Yourself
Your best defense is to use secure, HIPAA-compliant applications for communicating and transferring sensitive data. Also, recommend that your patients, customers, vendors and business associates use compliant tools for exchanging sensitive or confidential data. Office 365 includes added security that other email clients lack, allowing it to meet the regulations of HIPAA and the Health Information Technology for Economic and Clinical Health (HITECH) Act, the same regulations that electronic medical record (EMR) system vendors have to follow.
When selecting new technology to improve the way we communicate and do business, security can easily be overlooked. To help avoid cyber attacks and data breaches, always perform a risk assessment on any new technology that is adopted and implemented, and work with vendors that use trusted, secure practices for communication and general business.