Readers Write: File-Sharing And HIPAA – How You Can Keep Health Data Secure in an Era of Collaboration

April 3, 2019

By Tim Mullahy

Tim Mullahy is executive vice-president and managing director at Liberty Center One of Royal Oak, MI.

Collaboration is at the heart of modern workflows, and file sharing is at the core of collaboration. That’s as true in the health industry as it is anywhere else. The difference with healthcare, of course, is that the risks of doing file sharing improperly — of distributing files without due attention to security — are higher.

File-sharing and collaboration are necessary for effective patient care. Medical and support staff alike need to be able to openly and readily share patient data with one another, communicating seamlessly both within hospital environments and without. The problem, of course, is enabling such collaboration without violating HIPAA.

After all, Protected Health Information (PHI) is some of the most sensitive data in the world. The penalties, should it fall into the wrong hands, are rightly strict. That isn’t to say that enabling file-sharing is impossible, just that it needs to be done while keeping a few things in mind.

Encrypt all files

Although HIPAA doesn’t mandate file encryption (it’s recommended, not required), encrypting all data both in motion and at rest is critical if you’re going to ensure that your files can be shared securely. In the event that a device containing PHI is in some way compromised, encryption will ensure that the data it contains remains safe.

I’d advise that you use SSL encryption and use some form of VPN or secure tunnel to keep your files protected when they’re shared across external networks.

Assign unique IDs to all staff

Every user with access to your file-sharing and collaboration platform needs a unique identifier. In addition to being useful for the purposes of authentication, these IDs will allow you to track data access and usage. The idea is that you need to know what data each user has accessed and what they’ve done with that data at any point in time.

Implement multi-factor authentication

Usernames and passwords are an important component of access control, but they represent only a partial solution. To keep both your files and the platforms through which staff collaborate secure, you’re going to want multiple means of ensuring people are who they say they are. These could include:

  • Biometric (fingerprint scanners, facial recognition, voice identification, retinal scanners)
  • Behavioral (common login locations, common access and browsing habits, etc.)
  • Hardware-based (device recognition, hardware tokens)

Implement auto-logoff

Here’s one directly from the HIPAA guidelines. Any file-sharing or collaboration solution you use needs to have a timeout process built in. After a set period of inactivity (10 to 15 minutes is probably a safe bet), an employee account should be automatically logged out. This protects against unauthorized access via unattended devices.
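A sketch of how the unique-ID and auto-logoff controls fit together on the server side. This is an added example, not code from the article or any vendor; `SessionStore`, the in-memory storage, and the user and file names are hypothetical.

```python
import hashlib
import secrets
import time

IDLE_TIMEOUT_S = 15 * 60  # upper end of the 10 to 15 minute window suggested above


class SessionStore:
    """In-memory sessions (assumption); every event is tied to one unique user ID."""

    def __init__(self, idle_timeout=IDLE_TIMEOUT_S, clock=time.monotonic):
        self.idle_timeout = idle_timeout
        self.clock = clock   # monotonic: unaffected by wall-clock changes
        self.sessions = {}   # sha256(token) -> [user_id, last_activity]
        self.audit = []      # (wall_time, user_id, action, resource)

    def _key(self, token):
        # Store only a hash so a leaked session table does not leak usable tokens.
        return hashlib.sha256(token.encode()).hexdigest()

    def _log(self, user_id, action, resource=None):
        self.audit.append((time.time(), user_id, action, resource))

    def login(self, user_id):
        token = secrets.token_urlsafe(32)
        self.sessions[self._key(token)] = [user_id, self.clock()]
        self._log(user_id, "login")
        return token

    def access(self, token, resource):
        """Return the user ID if the session is live, else None (logged off)."""
        key = self._key(token)
        entry = self.sessions.get(key)
        if entry is None:
            return None
        user_id, last = entry
        if self.clock() - last >= self.idle_timeout:
            del self.sessions[key]   # expire server-side, not only in the UI
            self._log(user_id, "auto_logoff")
            return None
        entry[1] = self.clock()      # activity resets the idle timer
        self._log(user_id, "file_access", resource)
        return user_id

    def accessed_by(self, user_id):
        """Audit query: which resources did this unique ID touch?"""
        return [r for _, u, a, r in self.audit
                if u == user_id and a == "file_access"]
```

The timeout is enforced when the token is presented, so an unattended browser tab cannot keep a session alive, and each access or forced logoff lands in the audit trail under the staff member's own ID.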

Ensure that all software is HIPAA-compliant

Last but certainly not least, for each collaboration solution you implement, check with the vendor to ensure that it complies with HIPAA’s regulatory guidelines. Most vendors that support HIPAA compliance will be open about it. Moreover, their solutions will provide full logging and auditing functionality, alongside all the other security controls necessary to stick to HIPAA.

HIPAA need not represent an obstacle to effective collaboration. Provided you incorporate a compliant solution and take all the necessary measures to keep your data safe, you can enable your clinicians, support staff, and everyone else who needs access to collaborate for better, faster patient care.
