Dec 2
2014
Thinking of Emailing Medical Records? Think Again
Guest post by Yvonne Li, Co-founder of SurMD
The handling and sharing of medical records is a critical and sensitive issue, and one that affects millions of providers, patients and payers every day. According to the Center for Disease Control and Prevention, Americans alone make more than a billion visits to doctors’ offices, clinics and hospitals annually, so one can only imagine how often medical records exchange hands between patients, physicians, specialists, healthcare organizations and their staff.
Test results, images, medical and billing history and other related information continue to be mailed, faxed and—more commonly—emailed between interested parties. Email is the most popular of these options because it combines the wide accessibility of snail mail with the immediacy of fax transmission. But email as a means of sharing sensitive healthcare data lacks in three critical areas: security, regulatory compliance and working with large files.
Security, privacy and protection
Gaps in email security should have doctors and patients sweating bullets any time they attach medical information to an email and hover their cursor over the “send” button.
The overarching problem lies in the encryption, or lack thereof. Like CDs and popular online sharing services, medical records transmitted via email are generally unencrypted. This is the case not only in transit, but also when they sit on the servers of the email providers. Thus, sensitive medical information lies vulnerable at all times.
Exchanging records by email means exposing patients’ personal information and their entire medical histories to a nefarious underworld of hackers seeking to exploit such information. It may include the most personal and private information, from social security numbers to diagnoses for chronic illnesses. Should information get in the wrong hands, there’s no predicting the extent and impact of the consequences.
HIPAA compliance
Directly related to the security issue is regulatory compliance with HIPAA. Unencrypted emails are inherently insecure, so email must be encrypted to be complaint with HIPAA guidelines. It’s an ongoing battle, as 29.3 million patient health records were compromised in HIPAA data breaches from 2009 through 2012. And it’s getting worse: records breached in 2012 reflect a 138 percent increase from the previous year.
HIPAA places responsibility on healthcare providers to ensure the privacy and security of their patients’ records. Unencrypted emails residing on servers or hacked in transit can lead to breaches of medical records that place hospitals and medical organizations at risk for HIPAA fines of up to $50,000 for an initial offense. That’s a small price to pay, though, compared to the bad publicity and loss of patient confidence and community goodwill these reported incidents tend to bring.
Sending and receiving large files
Beyond security and compliance, the convenience factor of email—unencrypted or not—is a non-starter when trying to share high-quality images of CT scans, x-rays, MRIs and other common tests. Email services are unable to handle the vast, bandwidth-taxing file sizes these images require. That means physicians often save the information on CDs then ship them off to patients or specialists for further evaluation.
This process is susceptible to loss or theft during shipping, and—like email—CDs contain unencrypted information, compromising patient privacy. And, of course, the process also adds significant time to a patient’s diagnosis and a physician’s recommended course of action.
A Better Solution? It’s in the Cloud
For these reasons and many others, the medical community is rapidly adopting cloud-based solutions for the storage of electronic health records, and the most secure and convenient means of file exchange. HIPAA-certified cloud providers, especially, offer the encryption necessary to ensure patient privacy while offering a streamlined, efficient means for medical collaboration, speeding up response times that benefit patient treatment and care. What’s more, medical imaging professionals via the cloud can share imaging results easily and efficiently without saving files on CDs and shipping them for delivery. Now, in real time, patients and medical professionals can share x-rays and other images as cloud service providers make it possible to share medical image files of any size.
Just like the benefits of email, cloud exchange services for medical records aren’t just convenient, easy to use and timely, but they’re affordable as well. One can easily find a number of HIPAA-compliant cloud solutions that offer free services or pay-as-you-go fees depending on the amount of storage and level of functionality required.
The sharing of electronic medical records has made the medical profession more efficient and productive, while significantly improving the patient experience by empowering patients with a greater understanding of their own well being. And with the cloud, sending medical reports and history prior to a visit or collaboration has never been easier and more secure.
Patients are usually charged a dollar per page for printed medical records. When a doctor switches to internet based medical records and sends them to the patient as an attachment are they free since it is paperless?
Thanks for the article. I agree that cloud is the best solution, just make sure the provider is really focused on security. I use MyAirBridge and I am super happy there