According to reports on a recent survey, the vast majority of healthcare workers share sensitive medical information using non-secure email. The survey, conducted by Kickstand Communications, reportedly found that 87% of healthcare workers surveyed admitted to this practice. These results echo other reports finding that employees and others with access to an organization’s confidential information may pose the greatest risk to data security.

As reported by HealthITSecurity.com, key findings from the survey include:

  • Healthcare workers are 36 percent more likely to share regulated data such as patient information and credit card information via non-secure methods such as email than those working in financial services;
  • 10 percent of healthcare employees admit they do not abide by their employer’s security rules;
  • More than one-quarter of respondents share sensitive data, documents, and information externally using personal sync and share services like Dropbox;
  • Across industries, 29 percent of respondents admit sharing intellectual property via non-secure email externally; and
  • When deciding how to send sensitive documents, 60 percent of respondents across industries said they simply do what is easiest.

The survey reportedly also found that an overwhelming number of healthcare employees understand their employers’ information security policies and how to use the secure communications tools provided to them. Yet a majority reportedly indicated that they do whatever is easiest when they need to transfer data, and 64 percent said that, when it comes to sharing data, email is the easiest tool.

The survey results suggest that healthcare providers’ data security efforts cannot end at training employees to use their communications tools. Rather, these efforts must include programs to create a culture of information security. This can include elements such as:

  • Reminders of the reasons the security measures have been put in place;
  • Exploring ways to make secure communications systems easier to use;
  • Soliciting employee feedback on ways to make secure communications more efficient; and
  • Auditing the use of non-secure methods of communication.

As scrutiny from regulators increases and plaintiffs’ lawyers bring new claims based on data breaches, healthcare employers and employers across all industries need to be sure they are walking the walk and not just talking the talk on information security.

It is critical that businesses ensure their employees have greater awareness of the sensitivity of the personal information they acquire, handle and transport, and receive training about how to be more cautious handling it. The Jackson Lewis Privacy, e-Communications and Data Security team can help your organization with employee training and implementing appropriate procedures to address these types of risks.

Below are additional Jackson Lewis resources that address employee handling of sensitive personal information in the healthcare industry:

Michael R. Bertoncini

Michael R. Bertoncini is a principal in the Boston, Massachusetts, office of Jackson Lewis. He is a member of the Healthcare industry group and a member of the Higher Education group.

With a background as a former Deputy General Counsel, Michael understands first-hand the competing demands and unique challenges faced by in-house counsel. Before joining Jackson Lewis, he was responsible for all labor and employment law matters for the largest fully integrated community care hospital system in New England. Michael provides timely, practical advice that helps clients achieve their strategic goals while ensuring compliance with legal obligations.

With deep experience in a broad range of industries, Michael has a keen interest in the healthcare, higher education, museum, and arts & music sectors. He is dedicated to supporting clients in these areas, leveraging his extensive experience to address the specific challenges faced by institutions and organizations in these fields.

Michael regularly partners with clients to establish positive employee relations. In labor relations matters, he negotiates collective bargaining agreements on behalf of organized clients, represents clients in labor arbitrations and National Labor Relations Board proceedings, and counsels clients with respect to rights and obligations under collective bargaining agreements and applicable labor and employment laws. He also has extensive experience in advising organizations responding to corporate campaigns and negotiating neutrality agreements.

Michael’s privacy and data security practice focuses on advising clients on complying with HIPAA and other state and federal privacy and data security laws. He reviews and develops policies and procedures, written information security plans and integrated compliance programs to ensure his clients meet their obligations under privacy and data security laws. Michael represents clients in investigations of alleged data breaches and advises them on reporting obligations. He also conducts workplace training programs on HIPAA compliance and related privacy and data security topics.