You probably know you shouldn’t send personal information about yourself, a friend, a patient/client or any other contact through email. And you might even have heard of email encryption. But if protecting your confidential information seems like something necessary only in a spy movie, think again. It matters not only to avoid identity theft; in industries where client confidentiality is legally protected, it is also a compliance requirement.

Hackers are hitting closer to home. Let’s break down the basics of digitally communicating secure information, and I’ll provide you with a solution to protect yourself, your clients and your business.

Enforcing compliance policies

When you send an email, the message leaves your email provider’s server and travels over the Internet. It’s easy to see that security could be an issue if you are using a public Wi-Fi hotspot (such as the local coffee shop), but protecting your information can also be an issue when sending emails over your home or work networks.

Another point of concern is your old or archived email messages. I’d be willing to bet very few of us delete every email that comes through our inbox. Important emails are typically read, filed and saved for later reference. These emails are vulnerable to hackers even if you’ve password protected your email program.

But there’s a bigger issue to consider. Even if your connection to your mail server is encrypted and your message leaves over encrypted protocols, you can’t always be sure the recipient has the same security practices in place. Your information may have gone out secure, but that does not mean it stayed secure in transit and on delivery. Because you can only control your own company’s practices, it’s best to have a companywide policy on what is and is not acceptable to send over email. Once the policy is created it must be enforced, with checks in place to make sure everyone stays compliant.

Staying secure with a third-party service

So how do we send secure information, ensure it stays secure, and still keep it readable to the recipient? Sometimes that simply means not using email. Under HIPAA and HITECH, patient information, which includes dates of birth, Social Security numbers, credit card information, bank information and any other personal patient data including diagnoses, should not be sent via email. Instead, use a third-party service to deliver it. Two of the many products that support collaboration and sharing are Citrix ShareFile and Box for Healthcare. Both let you upload the data over a secure connection to a third-party secure site.
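As an added illustration of the outbound check the policy section calls for (this is not code from the article, ShareFile or Box), here is a Python scan for the data types just listed; the patterns, checksums and sample messages are constructed for the example:

```python
import re

# Constructed rule set for the article's "what may not leave by email" policy:
# Social Security numbers, dates of birth, payment cards and bank routing
# numbers. The patterns and sample messages are illustrative, not vendor DLP rules.
SSN_RE = re.compile(r"\b(?!000|666|9\d\d)\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b")
DOB_RE = re.compile(r"\b(?:0[1-9]|1[0-2])/(?:0[1-9]|[12]\d|3[01])/(?:19|20)\d{2}\b")
CARD_RE = re.compile(r"\b(?:\d[ -]?){13,16}\b")   # 13-16 digits, optional separators
ROUTING_RE = re.compile(r"\b\d{9}\b")

def luhn_ok(digits: str) -> bool:
    """Luhn checksum used by payment cards; weeds out random digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def aba_ok(digits: str) -> bool:
    """ABA routing-number checksum: weights 3,7,1 repeated, sum must be 0 mod 10."""
    return sum(int(c) * w for c, w in zip(digits, [3, 7, 1] * 3)) % 10 == 0

def scan_outbound(body: str) -> list:
    """Return the restricted-data categories found in an outgoing message body."""
    findings = []
    if SSN_RE.search(body):
        findings.append("ssn")
    if DOB_RE.search(body):
        findings.append("dob")
    if any(luhn_ok(re.sub(r"[ -]", "", m.group())) for m in CARD_RE.finditer(body)):
        findings.append("card")
    if any(aba_ok(m.group()) for m in ROUTING_RE.finditer(body)):
        findings.append("routing")
    return findings

def should_block(body: str) -> bool:
    """Policy decision: any finding means the message must go through the portal instead."""
    return bool(scan_outbound(body))

if __name__ == "__main__":
    # Constructed sample messages; the numbers are well-known test values, not real data.
    phi = "Patient DOB 04/12/1985, SSN 123-45-6789, card 4111 1111 1111 1111"
    ok = "Thanks, the meeting is at 3pm on Tuesday. Call me at 573-555-0100."
    print(scan_outbound(phi), should_block(ok))
```

The checksums keep phone numbers and order references from tripping the card and routing rules; a mail gateway would route a blocked message to the portal workflow rather than deliver it.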

You then set up permissions and access restrictions. The options you can set include who is authorized to download the document, how long the document stays available, how many times it can be downloaded and whether the recipient can upload additional documents. You can change these parameters as needed or delete the item entirely if necessary. I recommend thinking conservatively when setting up these options, as you can always relax the parameters as needed on a case-by-case basis. Sticking to your company’s policies will help protect you, your employer and your client’s information.

Once this is all set up, you then send a link to this site from the online portal. Recipients will then receive two emails. The first will have a link to set up their account on the site using their email address for authentication. They will be asked to set up a password the first time they access the site. Because the recipients are setting up the passwords, and you are not, they are also able to reset it without you having to do it for them. The recipients will then need to open the link on the second email and sign in with their email address and their newly created password. Users can then view, download and/or upload information to the site over a secure connection depending on the parameters you have defined. Once the data is downloaded on the recipients’ network, it is then their responsibility to ensure the information stays within the appropriate compliance.
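The permission parameters and recipient flow from the two paragraphs above, modelled in Python as an added example (a constructed model, not ShareFile’s or Box’s code or API) so the order of the access decisions is visible: deleted item first, then the recipient list, then the expiry window, then the download count:

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

@dataclass
class ShareLink:
    """Share-link controls from the article with conservative defaults (constructed model)."""
    allowed_recipients: set
    created: datetime
    valid_for: timedelta = timedelta(days=3)   # how long the item stays available
    max_downloads: int = 1                     # how many times it may be downloaded
    allow_upload: bool = False                 # may the recipient upload documents back
    downloads: int = 0
    deleted: bool = False

    def _gate(self, recipient: str, now: datetime) -> str:
        # Checks shared by every request; an empty string means no objection.
        if self.deleted:
            return "item deleted by sender"
        if recipient.strip().lower() not in {r.lower() for r in self.allowed_recipients}:
            return "recipient not on the access list"
        if now > self.created + self.valid_for:
            return "access window has expired"
        return ""

    def request_download(self, recipient: str, now: datetime) -> str:
        """Return "allowed" or the refusal reason; only allowed downloads are counted."""
        reason = self._gate(recipient, now)
        if reason:
            return reason
        if self.downloads >= self.max_downloads:
            return "download limit reached"
        self.downloads += 1
        return "allowed"

    def request_upload(self, recipient: str, now: datetime) -> str:
        return self._gate(recipient, now) or ("allowed" if self.allow_upload else "uploads disabled")

def demo() -> list:
    t0 = datetime(2024, 1, 1, 9, 0)   # constructed timestamps, arbitrary values
    link = ShareLink({"clinic@example.org"}, created=t0)
    out = [link.request_download("Clinic@example.org", t0 + timedelta(hours=1)),
           link.request_download("clinic@example.org", t0 + timedelta(hours=2)),
           link.request_download("other@example.org", t0 + timedelta(hours=2)),
           link.request_upload("clinic@example.org", t0 + timedelta(hours=2))]
    link.max_downloads += 1   # relax one parameter case by case, as the article advises
    out.append(link.request_download("clinic@example.org", t0 + timedelta(days=2)))
    out.append(link.request_download("clinic@example.org", t0 + timedelta(days=4)))
    link.deleted = True       # sender deletes the item entirely
    out.append(link.request_download("clinic@example.org", t0 + timedelta(hours=3)))
    return out
```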

On your end of a Citrix ShareFile and/or Box for Healthcare account, you will always use the same username and password no matter which of your clients or contacts sends you information. This makes it easier to collaborate with multiple people without needing multiple unique usernames and passwords.

The next time you are tempted to send someone personal information over a shared Wi-Fi hotspot at Kaldi’s, stop and put on your spy mask. Wait, set up an encrypted account and do this right. Your security and adherence to industry compliance might just depend on it.
