- Most healthcare workers surveyed admit to non-secure healthcare data sharing using email.
A disturbing 87 percent of healthcare workers admit to using non-secure email to send sensitive information, including PHI, according to survey data provided to HealthITSecurity.com by Kickstand Communications, which conducted the survey for secure file sharing services firm Biscom.
Healthcare workers are 36 percent more likely to share regulated data such as patient information and credit card information via non-secure methods such as email than those working in financial services.
Yet, healthcare workers are 25 percent more likely to agree that their organization’s security and policies are good compared with employees working in financial services, the survey found.
Virtually all healthcare companies have secure document delivery tools, and 92 percent of employees report they have been trained on how to use them. Eighty-eight percent of healthcare employees understand how to use tools and understand company rules around security, but 10 percent admit they do not abide by them.
A majority of healthcare workers said when it comes to transferring data, documents, or information, they do whatever is easiest. Close to three-quarters of respondents who work in healthcare agreed that they consider email to be a secure form of data, document, or information delivery, and 64 percent said when it comes to sharing data, email is the easiest tool.
The methods that healthcare employees are using to share sensitive information and the type of information that is being shared both internally and externally are concerning.
For example, more than one-third of respondents said they share sensitive data, documents, or other sensitive information internally using a cloud storage service, like Google Drive or Microsoft OneDrive, or a cloud sync and share service, like Dropbox.
Around 60 percent share customer data, such as names, phone numbers, and addresses, internally, and a similar percentage share regulated data, such as PHI and financial information, internally.
More than one-quarter of respondents share sensitive data, documents, and information externally using a personal sync and share service like Dropbox. Fewer than one-quarter share sensitive data, documents, or other sensitive information using secure file transfer and file transfer protocol.
A majority of healthcare workers admit to sharing customer data externally, and a similar percentage admit to sharing regulated data, such as PHI, externally.
“The survey’s results uncover some interesting factors that contribute to non-compliance,” said Biscom CEO Bill Ho. “It would surprise most companies who have made major investments in security that so many people just fall back to the easiest method, namely sending confidential messages and files through email.”
Across industries, 62 percent of the 600 US employees surveyed said they share customer data via non-secure email internally, 46 percent share strategy documents and presentations via non-secure email internally, 45 percent share company business and financial data via non-secure email internally, and 43 percent share regulated data via non-secure email internally.
Half of respondents across industries reported sharing customer data via non-secure email externally, 49 percent share regulated data via non-secure email externally, 35 percent said they share strategy documents or presentations via non-secure email externally, and 29 percent share intellectual property via non-secure email externally.
While 78 percent of respondents across industries said they understand and agree with their company’s security policies, an overwhelming number of respondents reported non-securely sharing information both internally with their colleagues (74 percent) and with people outside of their organization (60 percent).
When asked why they did not use company tools or comply with company policies, respondents across industries agreed complexity was the biggest challenge. In fact, when deciding how to send sensitive documents, 60 percent said they simply do what is easiest.