Why password protection isn’t enough for healthcare professionals

Posted: Mar 21, 2014

For some, email may seem like a quick, easy and secure method of sending and receiving information. Sure, it’s fairly instantaneous and as simple as typing a few notes to the recipient, perhaps with a vital attachment. But secure? Think again.

Medical records, prescriptions, claim forms, and insurance authorizations are only a few of the many forms of sensitive information that are shared daily between healthcare professionals. For some, logging in with a username and password may seem to provide a satisfactory level of protection when sending these sensitive documents, but it is inherently insecure.

Here are a few of the reasons why:

  • Your username and password may be unique to you. It may contain over 10 characters, including letters, numbers and symbols, but it can still be cracked by amateur hackers in the span of a few hours.
  • Email messages are inspected by numerous firewalls and virus checkers once they have been sent. As such, any sensitive information, either in the body of the message or in any attachments, could be compromised.
  • Mistakes happen! Human errors occur, and an email could be sent to the wrong person because of a simple typing blunder.

For these reasons, it is vitally important that healthcare professionals consider the benefits of cloud fax technology. The Health Insurance Portability and Accountability Act (HIPAA) aims to safeguard Protected Health Information (PHI) held by ‘covered entities’ such as physicians and clinic office managers, pharmacists and health insurers.

While password management is part of the Sfax HIPAA compliance plan, other technical, physical and organizational measures are in place to provide covered entities with a service they can rely on. For example:

  • User authentication via a username and password upon entry to either the desktop or mobile version of the site, after which access to secure messages can be further protected by a two-step authentication process.
  • Mandatory login following 15 minutes of inactivity or once the application has been reopened.
  • Advanced Encryption Standard (AES) for message data both in flight and at rest, and 2048-bit RSA encryption for key exchange.
  • Compulsory https:// for all desktop, mobile, web and API communication features, to protect against unauthorized access over wireless and wired networks.
  • Continual observation of network activity to protect covered entities and PHI from security violations.
  • End-to-end encryption and decryption of messages transferred over the SSL protocol. After encryption, all messages are securely archived on a central server to protect against loss or destruction.

For more on Sfax and HIPAA-compliant faxing, click here.