According to reports on a recent survey, the vast majority of healthcare workers share sensitive medical information using non-secure email. The survey, conducted by Kickstand Communications, reportedly found that 87% of healthcare workers surveyed admitted to this practice. These results echo other reports finding that employees and others with access to an organization’s confidential information may pose the greatest risk to data security.

As reported by, key findings from the survey include:

  • Healthcare workers are 36 percent more likely to share regulated data such as patient information and credit card information via non-secure methods such as email than those working in financial services;
  • 10 percent of healthcare employees admit they do not abide by their employer’s security rules;
  • More than one-quarter of respondents share sensitive data, documents, and information externally using personal sync and share services like Dropbox;
  • Across industries, 29 percent of respondents admit sharing intellectual property via non-secure email externally; and
  • When deciding how to send sensitive documents, 60 percent of respondents across industries said they simply do what is easiest.

The survey reportedly also found that an overwhelming number of healthcare employees understand their employers’ information security policies and how to use the secure communications tools provided to them. Yet, a majority reportedly indicated that they do whatever is easiest when they need to transfer data and 64 percent said when it comes to sharing data, email is the easiest tool.

The survey results suggest that healthcare providers’ data security efforts cannot end at training employees to use their communications tools. Rather, these efforts must include programs to create a culture of information security. This can include elements such as:

  • Reminders of the reasons the security measures have been put in place;
  • Exploring ways to make secure communications systems easier to use;
  • Soliciting employee feedback on ways to make secure communications more efficient; and
  • Auditing the use of non-secure methods of communication.

As scrutiny from regulators increases and plaintiffs’ lawyers bring new claims based on data breaches, healthcare employers and employers across all industries need to be sure they walking the walk and not just talking the talk on information security.

It is critical that businesses ensure their employees have greater awareness of the sensitivity of the personal information they acquire, handle and transport, and receive training about how to be more cautious handling it. The Jackson Lewis Privacy, e-Communications and Data Security team can help your organization with employee training and implementing appropriate procedures to address these types of risks.

Below are additional Jackson Lewis resources that address employee handling of sensitive personal information in the healthcare industry:

Email this postTweet this postLike this postShare this post on LinkedIn
Photo of Michael R. Bertoncini Michael R. Bertoncini

Michael R. Bertoncini is a Principal in the Boston, Massachusetts, office of Jackson Lewis P.C. He practices labor and employment law, with a particular emphasis on labor relations, employment law counseling and litigation, and data privacy and security law.

In labor relations matters…

Michael R. Bertoncini is a Principal in the Boston, Massachusetts, office of Jackson Lewis P.C. He practices labor and employment law, with a particular emphasis on labor relations, employment law counseling and litigation, and data privacy and security law.

In labor relations matters, he regularly counsels clients on the practice of positive employee relations, negotiates collective bargaining agreements on behalf of organized clients, represents clients in labor arbitrations and National Labor Relations Board proceedings, and counsels clients with respect to rights and obligations under collective bargaining agreements and applicable labor and employment laws. He also has extensive experience in advising organizations responding to corporate campaigns and negotiating neutrality agreements.

Mr. Bertoncini’s privacy and data security practice focuses on advising clients on complying with HIPAA and other state and federal privacy and data security laws. He regularly reviews and develops policies and procedures, written information security plans and integrated compliance programs to assist clients in meeting their obligations under privacy and data security laws. Mr. Bertoncini has represented clients in investigations of alleged data breaches and advises them on their reporting obligations in the event of a data breach. He also conducts workplace training programs on HIPAA compliance and related privacy and data security topics.

Before joining Jackson Lewis, Mr. Bertoncini was Deputy General Counsel for a hospital system that is the largest fully integrated community care organization in New England. He was responsible for all of the system’s labor and employment law matters, and was involved in its acquisition by a private equity firm as well as its growth from six to ten hospitals in a twelve-month period. His three years as in-house counsel for this large health care system give Mr. Bertoncini a keen understanding of the impact of labor and employment law issues on clients’ business operations.

In addition to his labor relations and privacy experience, Mr. Bertoncini has extensive experience in conducting internal investigations and counseling clients on whistleblower and retaliation matters, as well as negotiating executive agreements, both employment and separation agreements. Mr. Bertoncini also represents clients in the litigation of employment matters. His litigation experience includes matters before federal and state courts and administrative agencies. He has appeared before United States Courts of Appeals and District Courts, Massachusetts and New York state courts, the Equal Employment Opportunity Commission, and the Massachusetts Commission Against Discrimination.

Mr. Bertoncini is a frequent speaker and trainer on labor and employment law topics for various organizations including Massachusetts Continuing Legal Education, Council on Education in Management, Lorman Education Services, the Boston Bar Association, and several chambers of commerce.

While attending Boston College, he received the John A. McCarthy, SJ Award for the most distinguished Scholar of the College thesis.