Health IT Pulse

Jan 24 2013   3:38PM GMT

Health care providers have few secure file sharing sites

Ed Burns Ed Burns Profile: Ed Burns

Data breach
file sharing
HIPAA Compliance
HIPAA security

Medical professionals need ways to share files with one another. The problem is that popular file sharing sites like Dropbox and email don’t measure up to health care provider’s security and HIPAA compliance needs.

The issue has left health systems looking for solutions. But in a bring-your-own-device world in which employees are finding their own ways to access and share data, options can be limited.

A recent survey of businesses representing several industries conducted by IntraLinks, Inc. highlighted the problem. Results showed that 92% of businesses are concerned about employees sharing information outside of locally hosted systems. Additionally, 63% said a secure, public cloud storage system is one of their top needs.

While the results are not specific to health care, they do track closely to things information and security professionals in the industry talk about as primary concerns. Moving data is complicated, particularly when you’re dealing with federally mandated privacy and security requirements. Consumer-grade technology is often not up to snuff.

Health care providers continue to struggle finding tools that will allow physicians to transfer files securely without burdening the user with safeguards that get in the way. At the Privacy and Security Forum, held in Boston in December 2012, Partners HealthCare’s chief information security and privacy officer Jennings Aske said his organization recently tried to find a replacement for Dropbox that would meet health care security standards, namely one that would encrypt stored data. However, after identifying a vendor that offered secure file-sharing services, the vendor declined to sign a business associate agreement. Partners hadn’t found a replacement solution at the time of Aske’s comments because, as he said, too many cloud vendors that offer this kind of storage and file sharing are not transparent enough about their security practices.

But just because there are no obvious solutions doesn’t mean providers can take a pass. Doctors are going to share files, whether they have secure options or not. And with the Office for Civil Rights stepping up HIPAA enforcement, allowing doctors to continue using unsecure methods could be a costly mistake.

 Comment on this Post

There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

Share this item with your network: