Portable telephones. Personal computers. Airplanes. At some point in history, all of these everyday fixtures of our reality were only the stuff of science fiction. What seems at any moment in time like an impossible fantasy will, at some future date, become reality.
Consider the tricorder from Star Trek. In the original TV series, a doctor could place this fictitious handheld device against a patient’s head and immediately learn the patient’s vitals. If we flash-forward to today (actually, back in early 2015) — we find that this device now exists. According to this story from CNN, a new medical scanner can tell a health professional your blood pressure, oxygen levels and other information about your health — just by placing it on your forehead. And yes, if you’re wondering, the device’s makers say it was inspired by Star Trek.
But here’s where things might go from truly amazing (this thing was just a few decades ago the stuff of science fiction!) to possibly concerning — particularly if you’re in the healthcare field or are responsible for securing electronic protected health information. This real-world “tricorder” device transmits your personal medical data wirelessly to a handheld device like a tablet, for your physician to review.
Health Data is Residing in More Places — Which Means More Targets for Hackers
In other words, while these advancements are terrific for your healthcare business and for your ability to deliver high-quality care to patients, they also create new vulnerabilities for your ePHI — vulnerabilities that can jeopardize your patients’ security, your organization’s regulatory compliance, and even your reputation. Consider the title of this recent feature from ID Experts: “Medical Data Everywhere: Health Revolution or Time Bomb?
Because your organization’s staff — including doctors — are increasingly maintaining and accessing patient data from more places (smart phones, tablets, cloud apps, etc.), your IT department will have more trouble with data governance and simply keeping track of all of the places they need to secure this data.
In fact, another recent ID Experts article points out that the staff at most health providers use literally 10 times more cloud tools and apps than their IT teams know about.
So, what does this mean for your organization? How can you protect all of this ePHI and other sensitive information traversing the Internet and on the mobile devices — personal as well as company-issued devices — of your staff? Here is one suggestion.
Move Your Faxing from Outdated On-Premise Architecture to a Secure Cloud Fax Service
First, understand that if your company is still using antiquated fax technology, such as desktop fax machines, you are leaving your organization open to real security and compliance risks for any data transmitted using that technology. To cite just two examples, your employees can leave printed fax documents containing ePHI on a fax machine for anyone to see or take, and digital copies of any fax transmitted with a fax machine are maintained in the machine’s hard drive.
You’re not much safer with fax servers, either. These also often maintain electronic copies of your fax documents in their memory. Moreover, when the fax server’s memory fills and the hard drive needs to be purged, many companies resort to printing the stored faxes for archiving, and this creates a new problem of faxes in unsecured paper format.
So our recommendation for securing your patients’ ePHI — and placing your company on the right side of HIPAA compliance — is to outsource your fax infrastructure to a trusted cloud fax provider, and to let your employee send and receive faxes securely by email. eFax Corporate, often complemented by eFax Secure™ in the HIPAA environment, is entrusted every day to transmit millions of pages of sensitive corporate documents by businesses in the most heavily regulated industries, including healthcare. Our proven capabilities help enterprises meet the strictest federal mandates regarding data transfer, tracking and storage.