Maintaining Control Over Sensitive Communications in Healthcare

Information Security    | September 25, 2019

The healthcare industry is becoming increasingly digital – from its adoption of Electronic Health Record (EHR) technology to various online medical appointment booking and prescription systems. And, since healthcare organizations use, send and receive so much personal and medical data, it’s essential that these digital transformation projects incorporate elements of privacy by design —including secure communications.

Here’s why it’s important to maintain control over secure communications and how healthcare organizations can do that.

What is communications control?

Communications control is about setting up a system that allows your organization to oversee, track and review all digital communications. This is typically done by setting up control policies and permissions and using appropriate tools.

Why is control of secure communications essential in healthcare organizations?

Communications control allows you to protect personal and medical data that you collect, use and share as part of business operations. While it’s easy to agree that protecting client data is the right thing to do, there are many more reasons to implement communications control at your organization.

Five reasons for implementing communications control in healthcare organizations:

1. Clients expect privacy – An EHR includes the most personal details imaginable, from medication lists to medical conditions, and clients trust that you’ll keep this information private and secure.
2. Bring-your-own-device (BYOD) and remote work culture – It’s now common for companies to allow employees to use their personal cell phones, tablets and laptops for work activities or to operate on company networks. When this happens, sensitive internal information has the potential to travel outside an organization’s digital perimeters —which presents a security risk. The increase in remote employees is one contributor to the popularity of BYOD.
3. External threats – According to a recent Symantec report, 18 per cent of cybersecurity breaches happen in healthcare. The average cost for a ransomware incident is $76,000 and the average hacking breach costs $2.4M. That’s about 2.4 million reasons to maintain control over sensitive communications!
4. Insider threats – It’s an uncomfortable truth that data breaches and cyberattacks are often caused by employees—mostly accidentally but sometimes with malicious intent. Learn more about how insider threats happen here.
5. Client demand for digital solutions – According to McKinsey & Company, consumers prefer digital solutions for many healthcare activities including appointment scheduling, prescription refills, checking personal health information and paying health insurance bills.

The good news is that healthcare organizations can address all these factors with secure communication controls, a user-friendly encryption platform and creating a culture of security.

Five ways healthcare organizations can maintain control of their secure communications

1. Encryption, encryption, encryption – Encryption is defined as “the process of converting information or data into a code, especially to prevent unauthorized access.” Communicating without encryption is like leaving your front door and filing cabinets unlocked and wide open.
2. Set external communications policies (aka controls) – With so many modes of communication, it’s easier than ever for sensitive data to leave the safety of your corporate network, either intentionally or accidentally. Secure communications controls can help prevent this from happening. Examples of communications controls include preventing email forwarding, setting automatic encryption based on the type of email, keywords, phrases and attachments and enabling a single sign-on solution—to help ensure sensitive information stays protected.
3. Set policies for inbound communications – While you can’t control what people send your organization, you can control how you receive it using preset inbound policies, such as automatic encryption. For example, with the Echoworx Email Encryption platform, emails with sensitive information—including protected health information (PHI)—are automatically identified, securely routed to the Echoworx web portal and encrypted. Encrypted delivery methods include TLS encryption, encrypted PDFs and attachments, certificate encryption and web portal encryption.
4. Enable reporting and monitoring – While you don’t want to set up a “Big Brother” environment, it’s important to be able to identify and investigate irregular communications. For example, you should be able to see who sent any email you’re reviewing, when it was sent and whether it was opened or not. Learn more about taking pre-emptive measures to reduce internal cyber vulnerabilities here.
5. Act on irregularities – A proper system allows you to act as soon as you identify suspicious communication behaviour. You should be able to modify user permissions, recall messages and revoke access to encrypted messages (even ones that have left your network).

At Echoworx, encryption is all we do. We’re proud to help healthcare organizations take control of their communications and protect their sensitive data with a user-friendly encryption solution that has a demonstrated return on investment. The Forrester Total Economic Impact™ study revealed that organizations that adopt the Echoworx’s Email Encryption platform can expect a return on investment of 155 per cent, a payback period of seven months and the unquantified benefits that come with enhanced customer experience and reduced downtime.