The Federal Trade Commission (FTC) recently warned medical organizations of serious concerns about patient information safety that can be associated with sharing patient data when using hospital and medical practice websites or mobile apps. According to a 2021 study based on data from the U.S. Department of Health & Human Services (HHS), the frequency of data breaches involving healthcare institutions increased by 84% between 2018 and 2021. The overall number of victims increased dramatically from 14 million in 2018 to 41.45 million by 2021. Additionally, the number of healthcare breaches in the first five months of 2022 has nearly doubled from the same period in the previous year, according to data from the HHS Cybersecurity Program.1
In a recent July 2023 FTC/HHS article, “FTC and HHS Warn Hospital Systems and Telehealth Providers about Privacy and Security Risks from Online Tracking Technologies”, the agencies warned of concerns regarding the use of technology in remote health care that could potentially share a user’s sensitive health information without authorization. While the warning to hospitals and telehealth providers is about the privacy risks associated with tracking technologies integrated into their own websites and mobile apps, it's an extremely important reminder to all of us about the huge risks of privacy violations and patient safety associated with the unauthorized disclosure of an individual’s health information to third parties and to organizations that do not protect patients and patient data (even if very unintentionally).2 Health entities have a responsibility to protect against the unauthorized disclosure of personal health information.
With due diligence when selecting a remote care management partner - patient data safety is completely possible
Data sharing and data protection are a real problem and a real risk if you are not careful to work with a company that understands safety, data and compliance. It takes a lot of work, sophisticated systems and built-in backups to ensure the safety of your data, and it takes seamless EHR integration to ensure safety, compliance and peace of mind.
For organizations looking to work with a remote care management company - it is imperative to do your due diligence. There are many companies sprouting up that work in remote care management. A lot serve as a third party technology manager; few offer staffing solutions in conjunction with software; many do not have the understanding of healthcare and the technical or software expertise to ensure effective programs and data safety mechanisms. It’s important to be very careful about the company you choose to go forward with when selecting someone to help develop your remote care management programs. It’s definitely possible to have highly reliable and compliant software and to have completely safe and secure patient data sharing and patient management within the practice. You just have to ensure that you are working with a team and company that understands the complexity of medical software, the electronic health record (EHR) and considers data security and HIPAA compliance to be important and an essential component of developing remote care management software and programs.
Medsien is the industry leader in seamless EHR integration and safe, effective and compliant remote care management programs. Hundreds of organizations trust Medsien’s unparalleled technology solutions to deliver a quality patient experience. If you’re struggling to provide quality patient care with disconnected systems and outdated tools, Medsien offers the most advanced, automated platform to power up your practice. You can count on our technology expertise, deep experience and understanding of technical infrastructure and our exceptional software to create secure programs. We can help you transform your organization and the remote care you provide - quickly, efficiently, effectively, reliably and most importantly - safely. Read more about the benefits of hiring experts.
EHR integration, combined with well-designed software is the key to data safety and security
Medsien’s technology was created with safety and security in mind. We prevent data breaches and fraud - and protect your patients, your practice and your data through highly technical software design and integration with the EHR. See the key factors that make Medsien remote care management programs safe:
All in one platform with single source of truth = extra security
Automated and EHR integrated data, no manual data sharing = safety
Automatic logging = accuracy and backup
Third party HIPAA assessments = compliance
Cyber liability insurance = peace of mind
Read-only software makes the data doubly secure
Some companies that sell remote care management programs create a user ID in the client's EHR and have many different people logging on to see, access and even potentially change key personal patient data. With Medsien, the source of truth for patient data is the client’s EHR. There is no ability to change any data. All of our programs have read-only access and we do not change any information in patients’ charts. Medsien’s program and EHR integration are designed to ensure that there is no ability to access or change the data, whether intentionally or accidentally.
No file sharing or file exchanges - ever
Integrated, automated data exchange ensures safe data sharing, data security and HIPAA compliance.
With Medsien, there is no manual file sharing or file exchange. When you have EHR integration - which incorporates using APIs (application programming interfaces) with the EHR - you have a safe incorporation of data. An API is a software intermediary that allows two applications to talk to each other and facilitates a safe and accessible way to extract data within and across organizations. Manual data sharing leaves you extremely vulnerable to data leaks or data breaches. HIPAA regulations explicitly state that health data is never to be transferred this way, yet many companies still do it - as is evidenced in the FTC warning sent out this month. Without the technical and software skill sets essential to creating safe, accurate and compliant remote care programs, many companies are left using manual data transfers and unsafe programs. Using Medsien’s highly technical software and EHR integration allows for the safe incorporation of data - with no leaks, no breaches, and no unintentional - or untracked - sharing with individuals.
Medsien never asks anyone to send reports. Other companies manually share files - we never do. Our data transactions are completely safe, reliable and fully HIPAA compliant. All of the servers we use and work with are HIPAA compliant as well - which further helps us to keep all communication channels and all of our data secure.
Automatic timestamps ensure accuracy and backup
With an automatic timestamp, you will always know exactly when the system was accessed. If you just manually send a file, you do not know who is looking at or accessing the data, when, or how many people are doing so. You also don’t know if the file is further shared again and again. Even if there are no ill intentions, this is a severe violation of patient privacy, safety and security. When you have EHR integration and Medsien software, you always have a timestamp on each interaction and entry, offering important backup protections. With EHR integration, the automatic timestamp ensures that you know exactly when data is accessed every time. The timestamp is insurance - it’s a backup of everything that occurs, ensuring safety and accuracy.
3rd party HIPAA assessments show commitment to safety and compliance
To identify vulnerabilities and continuously protect patient information, organizations must frequently analyze their security situation. Conducting regular HIPAA risk assessments takes care of this - and is actually mandatory for true HIPAA compliance, even though not everyone does it.1 Updated security risk assessments can help you maintain information security and prevent any fines and penalties due to a violation of HIPAA regulations.
Medsien as a company, and all Medsien remote care management client programs, go through a third party HIPAA assessment. Third party assessments - assessing administrative, physical and technical risks - help identify and address any issues that could potentially arise in an office that deals with protected health information. These audits are especially important in the case of a HIPAA security breach or privacy violation. At Medsien, we run everything we do through these assessments to ensure compliance. Read more about Medsien and compliance and audit-proofing a practice.
Cyber liability insurance offers protection and peace of mind
Cyber liability insurance protects companies in the event of a network cybersecurity failure that exposes your business to malware, ransomware, business email compromise, distributed denial of service attacks or data breaches. A cyber liability policy typically covers your business’ (or client’s) liability for a data breach involving sensitive customer (patient) information. Medsien carries cyber liability insurance for our company and for any clients to protect against any data security breaches or privacy violations. This further ensures safety, compliance and peace of mind for us as a company as well as providing quality and safety protections for any client programs.
Reimagine remote care management with Medsien
As previously mentioned, Medsien is the industry leader in seamless EHR integration and safe, effective and compliant remote care management programs. The real value of EHR integration and highly specialized software is that it ensures the accuracy, effectiveness and safety of all patient data. APIs ensure our software is secure and there’s no ability to change that data. With EHR integration, you can be sure that any data in the EHR is accurate, up to date and safe.
The FTC article warns about manual data sharing and ways some remote care programs potentially breach patient data, putting patients and organizations at significant risk. Medsien programs are intentionally designed to avoid and decrease these risks. Our programs, software and EHR integration ensure that the data from our clients is safe and reliable and that we are always compliant about patient care and patient data.
Medsien is the leading provider of scalable remote care management for a quality patient experience. Hundreds of organizations trust Medsien’s unparalleled technology solutions to implement exceptional remote care management programs, personalize every interaction, and improve the lives of the people who need it most. Based in San Francisco and venture-backed by top-tier investors, Medsien was founded to reimagine remote care management. Visit medsien.com for more information.