Email is one of the most popular forms of communication, and with good reason: virtually everyone has it, and it’s fast. The wide-spread adoption of email as one of the primary forms of communication can be seen in the strange looks someone might get when they admit that they don’t have an email address. Traditional mail’s colloquial term of “snail mail” is a testament to the speed of email communication.
Email is just as ubiquitous in healthcare. Almost every healthcare professional and medical clinic use email. In the healthcare sector, fast communication is essential. The appeal of sending information and documentation instantly cannot be ignored, especially where patient care is concerned.
However, email comes with some significant security considerations. Unsecured email is a liability for healthcare practitioners and undermines public trust in our healthcare system.
Practitioners throughout Canada must follow specific requirements regarding the security of personal health information (PHI). For example, Section 60 (1) of the Alberta Health Information Act states that a custodian must maintain administrative, technical and physical safeguards that will protect the confidentiality of health information that is under its control and protect against any reasonably anticipated threat or hazard to the security or integrity of the health information or of loss of the health information, or unauthorized use, disclosure or modification of the health information or unauthorized access to the health information.
BC, Manitoba, and Ontario have enacted similar legislation. For PHI regulations in other provinces or territories, visit the OPC of Canada’s privacy laws reference page.
Despite these regulations, email continues to be a serious liability; we continue to see situations where significant PHI breaches occur, and only after the breach are security measures reviewed.
A quick search on Google for PHI breaches and email returns multiple, significant examples:
• Patients Warned of PHI Exposure After Premier Healthcare Laptop Theft
• Hundreds of Massachusetts General Hospital patients notified of data incident
• PHI of 54K Molina Healthcare Members Stolen by Former CVS Employee
In each of those cases, email was a common factor in the PHI breach.
In the first example, a laptop belonging to Premiere Healthcare was stolen. The laptop, while password protected, was not properly encrypted. Emails stored on the laptop contained easily-accessible, unencrypted PHI of “approximately 205,748 individuals.”
In the second article, an incorrectly typed email address caused the PHI of over 600 individuals to be sent to the wrong recipient.
In the third case, a CVS employee inappropriately accessed the PHI of over 54, 000 individuals, and used a work computer to email those records to his personal email address.
Now, those are some sensational examples, and you might be thinking: “I’m always conscious of security with PHI, with email, and so are my employees. Why should I care about the breaches of others?”
That is a valid question, and indeed valid points: not everyone is a security risk. Most readers of this article will never pose the risks detailed in those examples.
Unfortunately, our industry is not an industry of one. While 98% of the healthcare practitioners in the industry will never cause a breach of PHI, there is still that remaining 2%.
And that 2% is causing serious problems. Why should you care? Simple: the security breaches caused by that 2% undermine the public trust in our healthcare system.
A Black Book consumer survey from December 2016 detailed some surprising responses to questions of privacy in the healthcare sector. According to the survey, “57% of consumers are skeptical of the overall benefits of health information technologies, mainly because of recently reported data hacking and a perceived lack of privacy protection by providers.” Additionally, 89% of individuals decided not to disclose health information during visits.
While these numbers are US statistics, Canada is not at all dissimilar. In a CMPA article from 2013, the results of a Canada-wide survey revealed that 43% of individuals “would withhold information from their care provider based on privacy concerns.” A recent article from the Privacy Commissioner of Canada shows the aforementioned sentiment remains, as a recent poll indicates that 78% of Canadians have become “less willing to share their personal information.”
These statistics are troubling for the healthcare sector. Trust is crucial for successful doctor-patient relationships, yet the prevailing sentiment is that the public at large does not trust their personal information in the hands of others, to the point where patients are choosing privacy and security over the disclosure of potentially vital PHI.
This perception needs to change, and it begins with every practitioner, not just those who have breached security before.
There is good news, however. Fast, easy communication does not need to be compromised for the sake of security. The ability to communicate with everyone as fast and easily as with email, using a fully encrypted and traceable system, exists. . A system where email address typos don’t matter. A system where someone using a fake email address cannot trick a user into divulging sensitive information. A system where no sensitive or personal information is stored on your computer, laptop, tablet, or mobile device. A system where a stolen device no longer means a security breach.
89% of individuals decided not to disclose health information during visits. 89%. That number should be 0%.
The first step to turning 89% into 0% is for everyone to recognize that convenient and instant communication can occur within a secure environment; security is no longer a hindrance to usability.
dr2dr was designed to be as easy to use as any email or text message app, as fast as both, while still ensuring the highest security and encryption for all communications and data sent through it.
Change is difficult. For everyone. And if you find yourself thinking that moving away from email in your practice is too difficult, remember this one number: 89%.
Change is difficult, but it is necessary. Change the healthcare system for the better. Improve the healthcare experience for your patients.
Security or convenience is no longer the only choice.
Security with convenience is now available.