Postbreach Scrutiny Raises Questions about E-mailing Patient Information, Response Time
May 13, 2015 | Risk Management News
In the wake of a breach involving more than 3,000 patient records, a Boston healthcare system is being criticized by security experts for allowing its employees to e-mail protected patient information, states a May 6, 2015, article from CSO. According to the article, following the breach, the organization vowed that it was stepping up employee training about phishing e-mails that hackers can use to gain access and enhancing "existing technical safeguards" to protect patient information. However, some security experts believe that instead of better protecting the e-mails, the healthcare organization should consider not using e-mail at all for transmitting sensitive patient information. "Putting patient data into emails introduces elements of risk to both privacy and security," states one data security professional in the article. "It is a very questionable practice, outside of the phishing breach."