Today's technology facilitates secure compliance and fast user adoption.

It's no secret that collaboration and sharing of protected health information (PHI) is a daily, mission-critical activity. Today's healthcare landscape depends on sharing PHI to drive clinical efficiency and provide better patient care. Secure collaboration and intra-departmental PHI sharing extends from hospitals to practices, specialists, payers, pharmacies, labs, research institutions and government.

Moreover, meeting federal and state governmental regulations and accelerated auditing to ensure PHI security has become a key priority. Along with the “stick,” government is providing financial incentives for healthcare entities to achieve meaningful use for electronic health records. During the 2012 HIMSS conference, the federal government announced a draft proposed rule for Stage 2 meaningful use, including:

“Conduct or review a security risk analysis in accordance with the requirements under 45 C.F.R. Section 164.308 (a) (1), including addressing the encryption/security of data at rest. (3) And implement security updates as necessary and correct identified security deficiencies as part of the provider's risk management process.”

Notwithstanding the clinical need to share PHI data along with government enforcement to protect it, the volume of data breaches and class-action suits is embarrassingly commonplace. Why? The “2012 HIMSS Analytics Report: Security of Patient Data” said most facilities are too wrapped up in compliance issues to focus on keeping patient data protected. Also, common technologies facilitating data exchange can be unsecure and inefficient. Historical methods to share PHI were never designed as secure or encrypted (email and FTP), have file size limitations (email), require significant staff time to implement (FTP), can be left in unsecure environments (physical media) and don't produce audit trails of user activity.

Thankfully, there's now a better way to keep PHI secure, whether sharing or collaborating inside or outside your walls. Secure file transfer (SFT) technology can be completely secure, simple for your users and IT staff, and provide automatic data encryption, auditing, delivery confirmation and user authentication.

SFT and secure collaboration software should be completely secure and easy to deploy. Before acquiring an SFT system, here's a primer on what to ask vendors:

1. How simple is the SFT system for end-users and how fast is adoption?
2. Is data in transit and at rest automatically encrypted? Will encryption work seamlessly with your anti-virus software?
3. Are there any file size limitations? Does the solution depend on any Exchange Server file size limitations?
4. Does the application seamlessly tie to your existing information systems, such as Microsoft Outlook, and use Active Directory?
5. Must the app be deployed in the DMZ, or can it be split between network layers?
6. How easy is it for your IT department to audit user activity and files shared?
7. How do you add users outside the hospital walls (practices, payers, HIEs, etc.)?
8. Is the solution exclusively software and easily upgradeable?
9. Are there extra charges for major release upgrades, or are they included in the service agreement?
10. What are the vendor's mobile strategies and capabilities?

The following outlines how Biscom's SFT solution, Biscom Delivery Server, has helped healthcare entities meet their needs for easy PHI security:

Indiana Hospital Association: Replaced CDs to communicate PHI with 172 member hospitals, achieving HIPAA compliance, and cut process from a week to same-day turnaround.

Massachusetts General Hospital:
Enhanced HIPAA compliance, increased productivity 104%, reduced costs 65% and improved tracking.

Dana Farber Cancer Institute: Helped maintain PHI security, unlimited file sizes, efficient collaboration with dispersed users and simplified the tracking and auditing processes.

Children's Hospital Boston: Ease of use with immediate user adoption, scalability and unlimited file sizes.

With today's need to securely share PHI to drive better-quality care, it's time to re-evaluate existing methods. Whether achieving compliance or meaningful-use Stage 2 incentives by encrypting PHI, driving staff efficiencies, securing collaboration or auditing transactions, secure file transfer software is superior to historical communications methods. It's far easier and secure. When considering the deployment of SFT systems for your entity to communicate PHI, feel free to reference the questions herein to probe vendors and do expect a significant return similar to the examples cited here.

About the author
Alan Gonsenhauser is SVP, chief marketing officer, Biscom. He is responsible for accelerating Biscom's healthcare fax server, hosted cloud and secure file transfer businesses. Learn more at



PHI data sharing and secure collaboration made easy
By: HMT Mag
The Source for Healthcare Information Systems Solutions