Encryption in Healthcare? Improving the Prognosis of Data Security

Customer Experience    | April 21, 2019

Healthcare organizations collect, manage and distribute an enormous amount of medical and personal information and they’re constantly at the mercy of budget constraints and cuts, which leaves them vulnerable. On top of that, healthcare is the only industry where more breaches happen because of insider threats than outside malicious agents and it’s tied for first place for the most breaches across all sectors.

In a nutshell, healthcare is in critical condition when it comes to cybersecurity.

To address this condition, enterprise-level healthcare organizations, hospitals and their third-party business associates can increase data security and reduce risks of breaches by implementing user-friendly and customer-centric encryption services.

Customer-centric encryption is so important in healthcare because many agencies are transforming from paper to digital records while dealing with preventable insider threats (often in the form of delivery errors). This means to get the most out of encryption, healthcare organizations must consider how easy it is for patients, employees and business associates to use and trust the encryption solution.

What customer-centric encryption looks like in healthcare

The customer experience differentiators that healthcare organizations should look for in an encryption solution include:

• Integration of privacy by design features like definable policies to control which communications require encryption and how they are sent. This takes security decision-making out of the picture for busy healthcare administrators and ensures your organization stays compliant with regulations like the Health Insurance Portability and Accountability Act (HIPAA), the Health Information Technology for Economic and Clinical Health Act (HITECH) and the General Data Protection Regulation (GDPR).
• Multiple flexible delivery methods for different types of secure encrypted communications, including secure PDF (e.g., secure record delivery) and web portal access, TLS and encrypted attachments and support for S/MIME and PGP.
• Easy and frictionless user experience for employees, patients and business associates. This is especially relevant in healthcare organizations that serve an aging population who aren’t as tech-savvy as the general population. The World Health Organization suggests, “primary health care must be accessible and friendly to persons of all ages.” We agree and believe this applies to accessing patient records too.
• Secure bulk mail functionality that automates the process of emailing mass personalized documents securely. As the British National Health Service (NHS) can attest from its 2017 experience, losing 900,000 patient letters is no good for patient trust in their system.
• Multiple brand and language options to give patients the peace of mind that comes with receiving secure messages from a trusted source.
• Dedicated account support to help organizations understand how email encryption fits into their patient care and business models.

An encryption solution for healthcare organizations should be easy for employees to use. First, because making secure encryption the path of least resistance increases user adoption. And secondly, because data security breaches happen most frequently at the employee level in healthcare. For example, did you know that employees are increasingly exposed to malware hidden in Microsoft Office documents sent through email?

A matter of trust in healthcare

As we’ve seen in other industries like banking, trust is becoming a new currency and this equally applies  in healthcare because patient data is so personal. Healthcare patients expect that medical transactions—including booking an online appointment, communicating with a medical professional and having health records sent between institutions—are safe and secure, which builds trust. If patients don’t believe your healthcare organization can protect their data, they  lose faith and—when possible—they  leave. A recent Echoworx survey found that 80 per cent of customers consider leaving a brand after a data breach. With so many leaders concerned about organizational reputation—and in an increasingly competitive private healthcare landscape—can you afford an encryption solution that doesn’t give your employees, patients and business associates a frictionless user experience?

How healthcare organizations can achieve cost savings with encryption

In addition to supporting a patient-centred business model and reducing the risks of insider threats, there are financial benefits associated with adopting a flexible and frictionless encryption solution.

A recent Forrester Total Economic Impact™ study, for example, revealed that a typical enterprise-level organization using Echoworx’s Email Encryption platform can accelerate the adoption of digital document delivery, save $1 per paper document delivered digitally instead of through the postal system and accumulate a three-year cost savings of $1.5M.  This same study showed that adopting Echoworx’s self-service support options, like automatic password resets, increases call centre productivity, removes the need for additional overhead and can slash nearly $320K off the bottom line of an enterprise-level organization.

Encryption can save healthcare organizations money on process and system improvements. But that’s not all. Including encryption as part of an overall data security program also helps organizations avoid the cost of security breaches. For example, the average cost for a ransomware incident is $76,000 which sounds like a lot until you see that the average hacking breach costs $2.4M.

With so much at stake in healthcare, isn’t it time to integrate a frictionless encryption solution into your healthcare organization?

————

Sources:

2018 Data Breach Investigations Report, 11th edition (Verizon)
Cyber Security and Healthcare: An Evolving Understanding of Risk (Symantec)
https://www.who.int/ageing/primary_health_care/en/