Importance with confidentiality and personal data in healthcare

Healthcare professionals deal with sensitive information and the society expects extreme regard to confidentiality.  Personal privacy is very important in 2010s.  It is a long message here but the importance probably deserves the emphasis.

Secured Electronic Transmission (of potentially sensitive information)

Sending information over unsecured email platforms is often considered extremely risky.  It may be viewed as similar to sending our personal particulars and secrets with open postcards.

It was difficult to arrange secured transmission of information but the situation is different now.  I am told that university and HA emails are more secure.  Yet, when information is sent out to a recipient without email account from the same institute, sealed letters become open postcards again.  An inadvertent error on address could also bring about un-calculable consequences.  And the sender can never tell how much role he plays when a leak is alleged, unless he has mechanisms to prove that he is never the cause of any leak.

Some email providers are worth visiting for the readers’ own decision.  At Tutanota transmission is encrypted and the sender may assign a different password to each recipient. The password may stay the same for each subsequent email.  Protonmail is another well respected encrypted email provider, and it provides an ability to time-restrict the existence of an email. Both of these providers are operated outside of America.

Cloud Storage may sometimes help in transmission, depending on the service and level of security provided.  An example is hightail.  A desktop application makes the cloud drive function like a directory of hard-disk – on multiple computers used by the doctor. There is a drop-box function with which a friend can deposit files safely.  One can send files to specified recipients with or without password protection.  It is natural that security is achieved only with additional steps in handling +/- costs, compared to very convenient other providers.

3. Password Protection

There is password protection or encryption with Microsoft Office documents, and PDF, depending on the version of software.  Password protection from old versions of Windows Office is not comparable to encryption in terms of security.  Yet, it is far better to password protect documents whenever there is potentially sensitive information, compared to null protection.

Instant Messaging

It is important that we are extremely careful with client and colleague personal information, as well as corporate contents, when we are messaging.  When pictures are taken, it is also very important to avoid containing personal particulars.  Common sense applies as to what constitutes sensitivity.

Whatsapp has often been considered to be lacking in security, but it is not as easy to hack as most people believe, unless the smartphone itself has been hacked.  A main security concern is probably its automatic backup function especially with pictures, which opens up other ways of hacking. Telegram may provide better security with its Secret Chat function. Secret messages may be erased by users or at preset time.  The recent Wickr apps may be better than either, with claims that there is no storage by the provider, and automatic deletion after preset time. But user friendliness is necessarily reduced.

It may be the most appropriate to use a corporate instant messaging tool for work and reserve social instant messaging for convenience.

Security with Digitial Storage Device

Healthcare professionals must not carry portable digital devices which contain patient or fellow-staff personal data in formats accessible to 3rd party.  Handy as they are, they may be lost or stolen, and become nightmare of everyone.  I do not pretend to be expert in encryption or confidentiality.  To each person, there are free and paid hardwares and softwares available for encryption. It may also be useful to install remote wipeout apps to protect data in case a phone is lost.

Social Media

Anything posted in social media, Facebook, Twitter, and any others, will become public, one way or another.  It is wrong to let any client, colleague or company information appear in these fields. It is also risky to put up description on one’s own feelings arising from work encounters.

File Removal

All of us know that depositing a file into the recycle bin does not prevent it from being retrieved.  To secure erase a file, one needs special care. There is an online comparison about such programs.  You may also visit the website of Eraser.