Dbtech Blog

You’ve Got Mailware

If you’re anything like me you live in your email’s inbox

However, this awesome convenience used incorrectly can damage your organization financially and degrade your public brand.

Most hospitals share patient and corporate financial data via email for internal use.

Your C-suite leaders may dismiss this claim because there are policies in place to prevent it, however this does not stop internal gate-keepers from sharing reports and data directly via email to users throughout your hospital. It happens every day, and probably at your hospital too.

But how can this be? Modern EMR’s deliver information near real-time to users as requested. This is great in theory but every hospital using Epic, Cerner and others are emailing reports to those who don’t have the time to do it themselves, lack the technical IT skills or have demanded email delivery because of their political stature. Even those in the C-suite are receiving these, but indirectly through administrative assistants.

An HIT analyst told me that he regularly runs reports and massages its data into a spreadsheet before emailing to users. He did this specifically for people who would not otherwise access the EMR except to run reports. This isn’t the first time I have heard this, and in fact I come across this scenario more times than not.

Emailing corporate data or PHI is like tweeting your bank account’s login and password. You can’t put that genie back in the lamp, nor can you protect corporate data once it has been emailed. What assurances do you have that a file of patients who received chemo treatments attached to an email won’t be saved, duplicated and further disseminated? Can you generate comprehensive audits showing who accessed PHI once it leaves your outbox?

No, you can’t.

Issues are further complicated when emails are sent to groups. From an IT perspective this is wasteful, as the file is replicated for each recipient and network bandwidth is unnecessarily consumed. Each recipient can decide to retain the email indefinitely, or save it to local or network disk. This adds unnecessary overhead to your IT resources and complicates your ability to corral corporate content.

Those technically inclined can give me dozens of ways to fix issues created by emailing data internally. This may be true, but based on first hand observation and conversation with HIT professionals, most hospitals still email content to users and do not consider what happens to that content once it is sent.

One alternative to email is Document Management. Dbtech’s cornerstone Document Management solution named Ras has aided our customers since the mid 90’s. by ensuring security and audit of corporate content. Ras customers don’t email the document, but send a hyperlink that can only be accessed after user is authenticated. Your HIPAA coordinator will be happy to know that Ras audits all user actions in a secure and private way.

Using Document Management users get their content quicker, plus IT personnel no longer have to massage data and email recipients manually. The right Document Management solution automates delivery and management of corporate content, including…

  • Comprehensive Capture. Reports, text files, spreadsheets, word docs, images, audio recordings and more can be captured, stored and accessed within Ras. Even your EMR with all its presentation tools can benefit by using a Push approach for infrequent EMR users.
  • Data Mining. Ras automatically extracts content from documents and places that data into virtually any file format.
  • Email. Ras can deliver content via an attachment like you do it today (Don’t do that), but also can send a notification or hyperlink to the user for access.
  • FTP. Ras will securely move any content to another site…automatically at the moment the content is captured. Ras can also acquire new data from external FTP sites, this 835 and other X12 documents accessible on your payer’s sites.
  • Printing. Ras can auto-print the entire report to multiple destinations, but can also just print a sub-section of that document. This feature is also used by many clients as a way of automating the delivery of faxes.
  • Life Cycle Management. Each document collected within Ras has a specific lifetime associated. So if internal policies state financial reports are deleted after 7 years…they will be.

HIPAA violations for mishandling PHI can be expensive, but the impact to your hospital’s reputation can be devastating,

For more information about Ras and Document Management, check out http://www.dbtech.com/solutions/document-management/.

0 comments… add one

Leave a Comment