DataMotion’s second annual survey on corporate email and file transfer habits offers insight into how secure and compliant the responding IT and business decision-makers perceive their organizations to be. Specifically, it delved into both the advancements and the lingering issues for healthcare providers in securing patient data in a compliant manner.
In all, the email encryption vendor heard from more than 400 IT and business decision-makers across the U.S. and Canada. Though the survey was cross-industry, healthcare made up the most prominent portion of respondents. According to the study, healthcare respondents are making strong efforts toward improving security and compliance practices, but there is still work to be done. DataMotion said that healthcare organizations are beginning to understand the message that they must protect private and sensitive data.
“There [have] been improvements in security and compliance since last year, and healthcare in many ways is leading the way compared to other industries, but there are still serious problems to address,” said DataMotion’s Chief Technology Officer, Bob Janacek, in an email to HealthITSecurity.com. “52 percent of healthcare respondents said their company either doesn’t have, or they are unsure if they have, a BYOD policy. There have been many incidents of mobile devices being lost or stolen that contain protected health information, potentially resulting in a HIPAA breach, and this puts organizations at great risk. Furthermore, healthcare regulations have expanded, meaning companies not previously covered might be now.”
Healthcare, the study noted, often showed above average progress in protecting email and file transfers. Because of the emphasis HIPAA and the final Omnibus ruling place on policies, these new priorities aren’t all that surprising. Here were some of the results:
- 90.4 percent of respondents said their company has security and compliance policies for transferring files electronically
- 84.8 percent stated that employees/co-workers have the capability to encrypt email
- 86.4 percent maintained that their organization “strive[s] to achieve total compliance”
Not all of the figures were positive, however, and there are still education gaps:
- 32.6 percent of healthcare respondents said they believe co-workers do not fully understand security and compliance policies for transferring files electronically.
- 3 out of 4 healthcare respondents felt employees/co-workers “routinely” or “occasionally” violate security and compliance policies for transferring files electronically.
- While 87.7 percent of healthcare respondents said their company permits the use of mobile devices for email, 40.3 percent report there is no BYOD policy and 11.7 percent are unsure if there is a policy.
- More than a quarter in healthcare have used, or recommended others use, free consumer-type file transfer services. 30.5 percent said their company does not forbid the use of these services.
“These survey findings give us a textured understanding that hopefully will help businesses overcome and anticipate related issues, especially in an age where security and compliance can so dramatically impact the bottom line,” Janacek said.