DataMotion, an email encryption and health information service provider (HISP), offers the results of its third annual survey on corporate email and file transfer habits, revealing significant security risks. While companies in all industries increasingly have put security and compliance policies in place – nearly 90 percent of all respondents affirming that in 2014 (compared to 81 percent in 2013) – the growth is largely from healthcare entities.
More than 97 percent from the industry report their organizations as having policies in place, compared to 90.4 percent in 2013. However, challenges remain for healthcare when it comes to implementing these, ranging from low employee comprehension to policy violations. Additionally, a lack of encryption, risks in mobile device usage and low awareness of Direct Secure Messaging (Direct) pose serious issues for the highly regulated industry.
DataMotion polled more than 780 IT and business decision-makers across the U.S. and Canada. In particular, the survey focused on individuals who routinely work with sensitive data and compliance regulations in a variety of industries including healthcare, financial services, education and government.
More than 300 respondents were from healthcare. Key insights/comparisons on the industry include:
Healthcare Security and Compliance Policy: Gains Undermined by Implementation Failure
36 percent of healthcare respondents said within their entity, security and compliance policies are at most only moderately enforced.
81 percent of all respondents said employees/co-workers either occasionally or routinely violate these policies. While healthcare fared better, nearly 73 percent admitted the same.
Key to making policies work is ensuring employee comprehension. When asked if they thought employees fully understood these types of policies, more than a third in healthcare said no, just a slight improvement over those from other industries.
When asked about common reasons why policies are violated, 52.7 percent from healthcare said it was because employees were not aware of the policy or that they were in violation. Another 29.1 percent said employees didn’t understand policies. Most troubling,18.2 percent said policies were intentionally violated by employees to get their job done.
These healthcare findings raise a “red flag” whereas key to passing an HHS/OCR HIPAA audit is demonstrating implementation of policies.
Virtru allows user to choose when to keep their digital content private and secure even after it’s shared online. Manage and revoke access to emails, photos, files and other content at any time, right from within your favorite programs like Gmail, Outlook, and Mac Mail on your desktop or smartphone. The TDF is an open standard for securing content of all kinds. Virtru gives everyone the power of the TDF by integrating it with the tools you use every day, like Gmail and Outlook.
Virtru Pro makes it dead simple for physician practices and other organizations to easily, conveniently, and cost-effectively send PHI messages and files over email while complying with HIPAA. While hospital medical record systems often include a secure messaging component that supports safe communications, many organizations prefer to use regular email or do not want to incur the cost and complexity of heavyweight systems. This is especially true for small to mid-sized practices that have fewer financial or IT resources available to them. Virtru Pro is easy to set up and easy to use for doctors, administrative staff, and patients.
Virtru Pro is a cost-effective, easy-to-use, HIPAA-compliant email service for the healthcare industry. Offering the easiest, most secure way for healthcare organizations to comply with the Protected Health Information (PHI) requirements of HIPAA, Virtru Pro ensures these communications are secure, protected and integrated into the tools and processes used daily by physicians, administrators and patients:
Provider-to-provider communications including consult results, CT scans, diagnostic images, prescriptions and scheduling information;
Provider-to-patient communications including test results, prescription information, procedure preparation, and scheduling information; and
Patient-to-patient communications, such as the connection of patients who share a condition and can support each other as physicians offer group care.
With Virtru Pro, an entire organization can now easily send and receive secure, PHI-compliant encrypted emails, revoke sent messages, restrict forwarding and set expiry for emails and files to auto delete. Confidential information sent to colleagues and patients remains private, audit ready, and protected. Virtru Pro eliminates the risk of patient data being inadvertently forwarded to an unintended party and provides added controls so that physicians can determine how their patients’ health information is viewed and shared.
Virtru Pro works with all major email systems and is especially well suited to organizations using cloud-based email providers such as Google Apps for Work, Gmail and Microsoft Office 365.
Virtru was founded to bring true digital privacy to everyone – making end-to-end email encryption dead simple to use and integrated into the products people use every day.
CTO and co-founder, Will Ackerly, spent eight years at the NSA in various positions of senior management where as a cloud security architect he developed the standard for secure data transfer used today by various government agencies – The Trusted Data Format (TDF). He left the NSA to bring this technology to the consumer market, where he saw a real need for people to have control over the privacy and protection of their personal information online. As a senior technology adviser for the Bush White House, before and after the events of 911 followed by six years in the private equity business, co-founder and CEO John Ackerly also saw a real need to provide individuals with the power to protect their digital communications. Combining the technical knowledge and know-how brought by Will with the-on-the-ground experience of John has resulted in a perfect storm that is Virtru.