When it comes to sharing protected health information (PHI) and other sensitive patient information in a secured fashion, it appears that healthcare professionals take a largely “Do as I say, not as I do” approach, according to the results of a new survey.
Eighty-seven percent of healthcare workers surveyed admitted to using non-secure email services to send sensitive information, despite the fact that a majority of providers have secure methods and services available and appropriate training on these methods, according to survey results from Kickstand Communications, which conducted the survey for secure file sharing services firm Biscom.
Ironically, the same respondents said they are 25 percent more likely to agree that their organization’s security and policies are good compared with employees working in financial services, although they are 36 percent more likely than financial service professionals to share regulated data such as patient information and credit card information via non-secure methods such as email, HealthITSecurity reported.
Despite ample training on HIPAA compliance, the reasons for noncompliance in data sharing are somewhat predictable. According to the survey, respondents said they chose unsecured email for sending sensitive data because it was the easiest method available. Nearly three-quarters of healthcare respondents consider email to be a secure form of data, document, or information delivery, and 64 percent said when it comes to sharing data, email is the easiest tool. Healthcare workers share this mindset with respondents in other industries, too. Respondents in other industries confessed that when they broke with company policies to share information, they did so because it was easier than following the rules.
“The survey’s results uncover some interesting factors that contribute to non-compliance,” said Biscom CEO Bill Ho in a press release. “It would surprise most companies who have made major investments in security that so many people just fall back to the easiest method, namely sending confidential messages and files through email.”