File sharing has become a key component of productivity across many industries and verticals – though it also represents a significant risk if improperly managed. As noted in a previous post on document control, employees freed of oversight tend to practice a staggering degree of negligence where file sharing’s concerned. Internal employees are not the only risk, either.
(Originally posted by Jay Barbour on Biz blog)
Many modern business processes involve third parties. Within your own walls, IT has enough visibility to mitigate the damage when data loss occurs. This is not the case with a third-party environment – your documents are at the mercy of your contractor or business partner.
This is of particular concern in healthcare, an industry notorious for organizations that lag on security and regularly lambasted by experts for poor security practices. It’s a field in which employees are forced to contend with poorly designed, outdated technology on a regular basis, which pushes them toward unauthorized workarounds such as SMS on personal smartphones or insecure cloud file sharing services.
If you’re a healthcare provider of any sort, then at least one of your business partners is likely a security laggard – and it falls to you to ensure you don’t put your data at risk.
Why does document security matter, anyway?
Healthcare organizations typically share highly sensitive Protected Health Information (PHI) such as consults, patient files and diagnoses, imaging files, health insurance details, and other data. Distributing and storing such data through anything other than a compliant platform is a clear violation of the US’s Health Insurance Portability and Accountability Act (HIPAA), with the potential for regulatory and legal action if discovered. In this regard, IT is faced with a significant challenge.
Consulting doctors typically work with multiple healthcare providers, often requiring access to patients’ PHI at one point or another. Because these professionals are independent, their devices may not be managed by any IT organization. As such, basic security measures such as passwords and device encryption often aren’t enabled.
It isn’t simply PHI that’s at risk, either.
Proprietary information such as databases, research protocols, clinical trials and medical research is shared in high volume among hospitals, research authorities, pharmaceutical firms, regulatory bodies and other parties. The more entities that files are shared with, the greater the chance they will be leaked or misused. Many healthcare providers are also consolidating to reduce costs and expand market share and, as part of the merger process, are sharing commercially sensitive files.
What happens to this unprotected information if the parties part ways because a merger could not be negotiated?
The biggest threat to healthcare data security
While it’s certainly true that sophisticated cyberattacks, such as the one that struck Anthem earlier this year, threaten healthcare data security, they aren’t the primary cause of data loss. Lost and stolen devices are. Sensitive information such as PHI is frequently accessed and stored on mobile devices such as smartphones, tablets or laptops, all of which are easily stolen or misplaced.
It happens more often than you’d think, and the number of breaches connected to lost or stolen devices seems nearly endless:
- In September 2015, a laptop containing sensitive documents was stolen from a Pathways Professional Counseling Center employee’s car.
- In June 2015, an unnamed individual at Eastern Health misplaced a USB flash drive containing the personal information of 9,000 employees.
- In July 2015, a laptop belonging to a physician at the University of Oklahoma’s Urology Clinic was taken from a vehicle.
- In 2014, two laptops and a cellphone were stolen from Albertina Kerr’s Gresham Campus.
- In 2012, a laptop and unencrypted backup tapes were stolen from a Cancer Care Group staffer’s car.
- In August 2011, a laptop containing PHI was stolen from an unlocked room at Lahey Hospital and Medical Center.
The issue is that traditional sharing tools offer no way of ensuring visibility into how files are being used, particularly by third parties. Once a file has been downloaded to a user’s device, its security must be taken on faith. All control is lost, and the user can modify the file as they see fit.
Protecting against the risks involved in file sharing requires security controls that follow files wherever they go – and that’s where WatchDox comes in.
How WatchDox Makes Your Documents Safer
A two-time visionary in Gartner’s EFSS Magic Quadrant, WatchDox provides built-in Digital Rights Management that ensures your sensitive documents are protected no matter where they are. More importantly, it connects your employees and partners to the files they need to get their work done, no matter their platform or device. Here’s how it works:
- The owner of a shared document library chooses how and with whom they will share their files. Only approved users have access.
- DRM-protected files are ALWAYS strongly encrypted, wherever they go. And only authorized parties can decrypt and view the files.
- Granular policies are used to allow or disallow local saving, cutting and pasting, copying, editing, forwarding and screenshotting.
- User-specific background watermarks protect against screenshot security risks.
- WatchDox is accessible through clients, plugins and a Web interface. All three are designed for ease of use, requiring only a simple login process for a user to have access. Clients are available on both Android and iOS devices.
- WatchDox’s DRM integrates easily with all major operating systems.
Conclusion
File sharing has exploded across many industries, healthcare included. Unfortunately, without the right tools to protect sensitive data, this fundamental use case only exacerbates PHI security risks. Left unchecked, employees frequently misuse sensitive files, and the amount of sharing that takes place in the health industry makes the risk that something might be leaked all but a guarantee.
WatchDox provides organizations with a way to ensure that their information is kept safe and secure, without requiring them to sacrifice employee productivity in the process.
Mobility offers enormous potential for delivering the best quality patient care, but there are a lot of issues to consider in creating a secure mobile healthcare strategy, chief of which is document control. WatchDox, recently recognized by Gartner in its 2015 Critical Capabilities for Enterprise File Synchronization and Sharing, equips your business with everything it needs to provide convenient file access to healthcare employees – without putting patient information at risk.