Sharing Documents Securely via E-Mail
Dana-Farber Describes Its New Approach
For healthcare institutions involved with medical research, sharing data can be tricky. Not only does patient information need to be protected, but large files can quickly clog up users' e-mail accounts. Dana-Farber Cancer Institute, a Harvard Medical School-affiliated hospital in Boston, has found a way to tackle both challenges at the same time.
Researchers at the hospital frequently send and receive huge files related to clinical research and grants, which can quickly fill the 100 Mbytes of data that each user is allotted for e-mail storage, explains Matthew Temple, director of research computing.
"Many of the researchers and PIs [principal investigators] would be traveling and a bunch of grants would be sent them by e-mail, exceeding their quotas and tying them up from doing anything," he says.
On top of that, large files from spreadsheets, slide presentations and other documents containing patient information need to be protected when the material is shared among the researchers.
To address both issues, Dana-Farber deployed Biscom Delivery Server, an enterprise secure file transfer system. The system enables users to securely share large e-mail attachments and files containing sensitive data and provides tracking and audit trails of file activity.
How the System Works
When a researcher transmits a file using the technology, the file gets automatically encrypted, Temple explains. The sender opens up a client tool and indicates the recipient or recipients to whom the document is being sent. The recipient receives an e-mail with an embedded link to the document, not the actual file. To open the encrypted file, the recipient must click the link and then type in a password or register on the secure transfer system. The encrypted message is then decrypted and loaded onto a local file server, where it can be saved by the recipient.
Default settings chosen by a Dana-Farber administrator can determine how long the document remains available to recipients on the server after the message has been sent. "You can say [recipients] have a certain number of days or weeks to pick up the document," Temple says. "Senders can click on check boxes to get an e-mail when a document is downloaded by recipient."
Dana-Farber users are authenticated using Microsoft Active Directory, Temple says. Outside researchers who are not part of Dana-Farber or its affiliated organizations, including Harvard Medical School and Partners Healthcare, can securely send and receive files to and from Dana-Farber users via the Biscom system. However, the system is set up to prevent the e-mail message containing the links from being forwarded to third parties.
"You don't want a situation where you send sensitive information to a person and then that person willfully sends it to someone else," Temple says.
The only potential loophole: If the recipient saves the document "and separately sends that to someone else, they've violated confidentiality," he says. "That would be willful malfeasance."
Data Protection Steps
To help address risks, Temple says, "We have a general institute-wide policy warning people about sharing of confidential information as well as protected health care information." The hospital also offers frequent privacy and security training.
Ongoing training is an essential component of any effort to prevent breaches of protected health information, says Rebecca Herold, an independent security consultant who heads the firm Rebecca Herold & Associates. "This will be most effective if the training is customized to the environment," she adds.
To safeguard PHI transmitted via e-mail, Herold says, healthcare providers should consider technical controls that include encryption, data loss prevention systems, PHI inventory software and text message controls.
"When sharing protected health information, organizations certainly need to have multiple safeguards in place," Herold stresses.