WHAT IS NIST? THE COMPLETE GUIDE TO THE NIST CYBERSECURITY FRAMEWORK
Explore this comprehensive guide on how the NIST Cybersecurity Framework can be applied to your organization.
The Impact of COVID-19 on Secure File Transfer in Healthcare
COVID-19 has impacted every industry and person, especially those involved in healthcare. With the influx of patients and the logistical nightmare of securely transferring patient data at the scale it is currently coming in, healthcare organizations are processing data at rates previously unseen.
Imagine being a healthcare professional trying to get important data to a customer or peer. Pre-COVID, you could walk down the hall, or put together an in-person meeting to get this information directly to the end-user. Now, with the emergence of telemedicine as a viable option, everything is being digitally transferred which is putting information at risk and making it significantly more difficult to transfer information from one source to the other.
With all of this taking place, it has become crucial that healthcare organizations have a secure solution in place to transfer important files and data. As a provider of secure compliance software, we understand the importance of continual data security, especially in a time of uncertainty like this.
Let’s look at how the pandemic has impacted the way the healthcare industry shares data and how to keep data protected in these unprecedented times.
What Changes Has COVID-19 Brought to the Healthcare Industry?
The healthcare industry has been completely transformed in the face of the catastrophic COVID-19 pandemic. One of the biggest ways in which the industry has been impacted is the changes to HIPAA protections. The federal government has temporarily lightened some HIPAA protections until the virus is under control.
In response to the pandemic, the Department of Health and Human Services (HHS) issued a notification with the following statement:
“As a matter of enforcement discretion, effective immediately, the HHS Office for Civil Rights (OCR) will exercise its enforcement discretion and will not impose potential penalties for violations of certain provisions of the HIPAA Privacy Rule against covered health care providers or their business associates for uses and disclosures of protected health information by business associates for public health and health oversight activities during the COVID-19 nationwide public health emergency.”
What does this mean? Essentially, HHS will temporarily allow for “good faith” disclosures of possible HIPAA information by organizations to fellow government agencies, if the information is relevant to the COVID-19 pandemic. HHS offered two examples for appropriate PHI (private health information) sharing, including disclosures to:
- “Centers for Disease Control and Prevention (CDC), or a similar public health authority at the state level, for the purpose of preventing or controlling the spread of COVID-19”
- “Centers for Medicare and Medicaid Services (CMS), or a similar health oversight agency at the state level, for the purpose of overseeing and providing assistance for the health care system as it relates to the COVID-19 response”
The lightening of HIPAA protections could have serious implications when it comes to data security and the sharing of files. Because the HHS orders are vague, it will be difficult to maintain strong data protection policies.
In fact, the pandemic has offered an appealing opportunity for hackers. The World Health Organization and other research organizations were targeted by hackers during the pandemic. If these organizations are vulnerable, healthcare organizations across the globe are likely to be vulnerable, too. And while the regulations have been loosened, for the time being, you still want to ensure your data is appropriately protected.
How a Secure Data and File Transfer Solution Will Help
In “normal” times, healthcare organizations are common targets for cyberattacks due to the value of sensitive healthcare data. Now, in the face of the pandemic and the loosening of HIPAA regulations, it’s more important than ever that private healthcare organizations and government agencies have the appropriate tools in place to protect sensitive data.
The first question you should ask yourself is: how is data currently being shared? Many companies use their email systems to share data. While it’s easy to simply attach a file to an email and send it to the intended recipient, this isn’t the wisest option.
Email file sharing has its limitations; the first of which is file size. Nearly all email systems can’t share files bigger than 25 MB, while many are limited to only 10 MB. In numerous organizations, larger files are shared on a regular basis. If there are size limitations on your file transfer, you’ll be forced to split the files into multiple transfers, which can lead to confusion or lost data. From a logistical standpoint, this is unwise.
Next, email file share is not a secure option. Even if you can control who accesses your email account with a secure password or multiple-step authentication, you can’t control the level of security your email recipient has in place. Other parties could intercept your email, compromising the sensitive data you were sharing. In fact, your email account itself could be susceptible to malware or viruses. Email, while convenient, is not the best option for transfers if you want to ensure sensitive data is protected.
So, what is another option for keeping data safe? A secure file sharing solution is a great option for healthcare organizations to easily protect PHI. Secure file sharing solutions allow you to encrypt your data, avoiding the vulnerabilities that come with a data breach. You can also limit who has access to your data, even to a granular level in your own organization. So, unlike email transfers, you can ensure that data is only accessed by the intended recipient. You can also share large files in a single transfer, instead of multiple emails.
In fact, you can even choose a secure file sharing solution that is HIPAA compliant. This means that, although HIPAA regulations have been lightened now, the right secure file sharing solution can help you maintain compliance even when normal regulations are back in place.
Adopting a secure, HIPAA compliant file sharing solution may require a little investment in terms of getting your team up to speed on using the solution, but it will also ease the burden of protecting your data in the midst of a pandemic and far after.
Want to learn more about using a HIPAA compliant file sharing solution? Check out our HIPAA Readiness Report.
About Brendon Ainsworth
Learner, Researcher, Customer-focused, and the Director of Sales for FTP Today. Brendon has successfully navigated multiple industries and has infrastructure certifications in GCP and AWS. He started his career in Oil & Gas business development and successfully transitioned to Rackspace as a Mid to Large enterprise technology consultant and then as a leader.