Security Risks with PHI Transmitted by Messaging and Call Centers

By Matt Ferrari, Chief Technology Officer, ClearDATA
Twitter: @cleardatacloud
Host of CTO Talk – #CTOTalk

In my work, I see a lot of hospitals, from very large ones with 5,000 or more physicians to very small practices with five or fewer doctors, dedicate time and energy to security and compliance, and yet overlook a huge gaping hole that opens them to risk: answering services and call centers provided by third-party vendors.

Are you one of the vulnerable practices? It’s eye-opening to consider that PHI is being transmitted via phone and text without security measures in place as patients’ names, dates of birth, phone numbers, images and more are stored on answering service machines and transmitted unsecured via text to and among physicians. Yet, it’s critically important that physicians and care providers quickly get patient queries to understand and diagnose the urgency of a patient condition.

Because of that, I’m excited to share the fourth in my CTO Talk series on HealthCareNOW Radio (with previous episodes streaming on-demand via SoundCloud) with Callidus Health co-founders Dr. Ganesh Elangovan and Gerrit Adams. In a best-in-class example, these two have created a cloud-based clinic communication solution that is speeding medical care to patients in need, while securing their PHI in the process.

I don’t think many patients fully grasp how complex the back end of making EMRs (electronic medical records) secure actually is. The Callidus CareLINK system efficiently captures the recording of the call and quickly transcribes it, links it to the right physician, labels and structures the data, and does it all on a fully cloud-based platform using iOS or Android systems where nothing lives locally on machines. They’ve spent considerable time and resources really thinking through where the data goes, where it lives, when it expires, how notes are taken and stored, and what happens to image storage.

It was their goal to build their CareLINK platform on top of AWS. They made it clear when they partnered with ClearDATA that they did not want to have to devote time and energy to thinking about the compliance / security concerns, but instead wanted to focus on building a great patient experience, and leave the security to us at ClearDATA. I think we can all benefit from learning more about their process in this podcast.

One of many advantages of being part of the ClearDATA team is that we get selected to partner with innovators like this that are changing the way healthcare is delivered. CareLINK’s first cloud provider actually went down for two days, which led Callidus on a search to find a healthcare-specific, HITRUST, HIPAA-compliant cloud platform with relentless uptime, as their work is clearly mission-critical. As we do our job, we can get the details of security and compliance out of their way, so they can innovate at scale.

What they’re doing is changing and protecting the way patients quickly get care, and the road ahead looks equally exciting as they use the data and technology to increase patient engagement. Everybody wins on this one.

This article was originally published on ClearDATA and is republished here with permission.