TRENDING:

Secure E-mail Cures Headaches

A physician group solves communication problems Howard Anderson (ismg_editor) • February 8, 2010    
Secure E-mail Cures Headaches
For physician group practices, responding to requests from patients, lawyers, insurers and others for copies of patients' medical records is a time-consuming, labor-intensive headache. But one New York practice has found that secure e-mail is a cure for that pain, as well as a remedy for other communication maladies.

Crystal Run Healthcare, a 200-physician, multi-specialty practice in Middletown, N.Y., now uses secure e-mail for a variety of purposes, including certain doctor/patient communications as well as to share private information with its accountants, lawyers and others, says Miguel Hernandez, the practice's I.T. director.

The practice began investigating secure e-mail "because a younger generation of patients was coming in and begging for more electronic interaction with the practice," Hernandez says. Plus, some physicians were starting to ramp up their use of e-mail, which led to concerns that doctors might use e-mail to share personal health information in violation of the HIPAA privacy rule.

"We started to use secure e-mail for some patients on a small scale," Hernandez says. But soon, the practice determined that the technology, from Proofpoint Inc., Sunnyvale, Calif., could help cure a huge headache for its medical records department.

Inefficient process

The practice uses electronic records software from NextGen Healthcare Information Systems, Horsham, Pa. But when patients, attorneys, insurers and others requested copies of records, the practice printed out copies and either mailed them or faxed them to help ensure privacy. With records that could amount to hundreds of pages, this grew into a time-consuming task.

Today, the practice uses secure e-mail instead to transmit the patient records electronically, assured that the encrypted information will remain private, Hernandez explains.

When a secure e-mail is transmitted, the recipient receives a brief, standard note that they have a secure message waiting for them on the practice's Web site. Once the recipient launches that link, he is prompted to create a user account and password and answer some challenge questions, much like setting up an online banking account. Then the recipient can view all encrypted e-mail messages and open any attached files.

Three encryption options

The practice creates secure e-mail messages in three ways, Hernandez explains:

  • Users can click on a "send secure" button added to Microsoft's Outlook e-mail system that automatically encrypts the message using Proofpoint's software and transmits an e-mail to the recipient directing them to the Web site.
  • If a user transmits a standard e-mail via Outlook, Proofpoint will automatically encrypt it if the software's logic detects certain keywords, such as "Social Security," that indicate it likely includes personal patient information.
  • Certain departments, including human resources, automatically transmit only encrypted e-mails because so many of their messages contain sensitive information.

At first, the shift to secure e-mail raised some issues with the practice's patients, Hernandez recalls. "John Q Public at the beginning had a hard time because the e-mail messages referring them to our Web site looked a little weird," he says. "A lot of them thought the message was spam or they thought it was some kind of hoax. So we had to redesign the standard e-mail message so it was clear that it was legitimate."

Some patients who were not computer-savvy "were really thrown for a loop" when the secure e-mail message link launched a Web browser, Hernandez adds. As a result, the practice launched a campaign to educate patients about how the system worked. Plus, it coached doctors to use e-mail with patients more selectively, first making sure the patients were comfortable with the technology.

What's next?

Next, the practice will work on more routinely using secure e-mail for communications with insurers about payments and other issues, Hernandez says.

The bottom line: "Considering the cost of secure e-mail, as opposed to the cost of litigation over a HIPAA violation, it's certainly worth it."

Previous
The Essential Guide to HITECH Act
Next
HITECH a Wake-Up Call for Practices

About the Author

Howard Anderson

Howard Anderson

Former News Editor, ISMG

Anderson was news editor of Information Security Media Group and founding editor of HealthcareInfoSecurity and DataBreachToday. He has more than 40 years of journalism experience, with a focus on healthcare information technology issues. Before launching HealthcareInfoSecurity, he served as founding editor of Health Data Management magazine, where he worked for 17 years, and he served in leadership roles at several other healthcare magazines and newspapers.



Around the Network

Securing the SaaS Layer
Securing the SaaS Layer
Organization-Wide Passwordless Orchestration
Organization-Wide Passwordless Orchestration
Showing Evidence of 'Recognized Security Practices'
Showing Evidence of 'Recognized Security Practices'
David Derigiotis on the Complex World of Cyber Insurance
David Derigiotis on the Complex World of Cyber Insurance
How 2U Inc. Is Fortifying Its Systems and Solutions Designs
How 2U Inc. Is Fortifying Its Systems and Solutions Designs
Are We Doomed? Not If We Focus on Cyber Resilience
Are We Doomed? Not If We Focus on Cyber Resilience
Craig Box of ARMO on Kubernetes and Complexity
Craig Box of ARMO on Kubernetes and Complexity
Protecting the Hidden Layer in Neural Networks
Protecting the Hidden Layer in Neural Networks
The Persisting Risks Posed by Legacy Medical Devices
The Persisting Risks Posed by Legacy Medical Devices
Whistleblowing Brings Visibility to the Role of CISOs
Whistleblowing Brings Visibility to the Role of CISOs

Continue »

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing healthcareinfosecurity.com, you agree to our use of cookies.