For healthcare organizations, secure file transfer is not an option or nice to have. No sir. With HIPAA, HITECH and other rigorous compliance rules, it is an ABSOLUTE requirement.
Much of a health care organization’s sensitive data is held in files, and certainly the vast bulk of confidential information moved around is in files and documents, too often travelling across email or sent through low-end file sharing tools such as Dropbox.
Neither approach will do for the level of protection these files need and the volume of sensitive data passed around. If your weak email or file sharing systems are breached, compliance auditors won’t be laughing. They will be too busy writing out fines.
No matter how safe you think your file transfers are, they are not safe enough unless they go through a properly configured Managed File Transfer (MFT) solution.
Here are some examples of sensitive health data that must be protected:
- Patient appointment reminders
- Medical reports
- Big data e.g., medical images
- Billing and payment data
- Regulatory compliance reports
- Compliance reports
- Claims submissions
Why Shadow IT is a Bad File Transfer Option
Many think Dropbox and other file-sharing apps are slick—and they certainly can be. For simple sharing of non-sensitive files, they are great. Just not for enterprises and the sensitive data they contain. The downside is they are made for file sharing, not file transfer. Unfortunately, many healthcare employees use the Dropboxes of the world to send around YOUR data.
The problem is these unauthorized apps are a breach and compliance fine waiting to happen. “Shadow IT services, the use of personal devices, the adoption of a 'cloud-first' or 'cloud-only' strategy, and merger and acquisition activity, among others, represent a collection of other threats to data protection. Decision-makers must evaluate the relevance and magnitude of these threats and develop appropriate countermeasures,” Osterman Research argued in its What Decision Makers Can Do About Data Protection whitepaper.
Those that fail to stop Shadow IT suffer the consequences. “The use of Shadow IT apps and cloud services results in confidential data being stored in systems with unknown security protections, the usage of apps that were never designed with business purposes in mind, and threats of unpatched and unidentified software vulnerabilities leading to data breaches. As employees embrace cloud applications beyond the list of corporate sanctioned services, inadvertent and malicious data leakage increases, along with unauthorized access to sensitive corporate data,” Osterman cautioned. “Shadow IT services that are not connected to the identity and authentication solution of the organization can also support malicious insider data theft. For example, revoking a user’s identity on their departure or termination will prevent future access to services connected to the identity solution, but for non-connected Shadow IT services, no such prevention is possible. An ex-employee can continue to log in and access current and new data stored and shared through these services.”
Transferring Data from Site to Site
Health organizations must often transfer clinical data from one facility to another, and here MFT is the optimum solution. “Sending rich-media medical files such as ultrasound video to an attending physician? Large imaging files like MRIs or CT Scans? Or exchanging important data with external sources such as health plans, pharmacies, insurance companies, doctors’ offices and Medicare?” explained the MOVEit whitepaper, 7 File Transfer Challenges of Healthcare IT. “In every case, your proficiency at transferring files quickly and securely impacts the health of patients, the livelihoods of medical professionals, and the success of your healthcare organization. And of course, the work involved in managing these systems is also a key factor in your own professional standing and well-being.”
Take the Healthcare MFT Quiz
Many perform file transfers with legacy solutions. They call them legacy for a reason, as they are nowhere near as good as a carefully chosen, modern, task-specific solution. Here are eight questions from our Healthcare whitepaper to figure out whether MFT is for your healthcare shop.
- “Has there been a significant increase in the sheer volume of confidential patient files your systems are handling? How about the complexity of the files?
- Is the challenge compounded by the use of cumbersome DOS scripts?
- Even though your tasks may be “automated” batch jobs, is the DOS scripting for file transfer job creation and execution proving to be time consuming and error prone?
- How about meeting Patient Health Information (PHI) logging requirements?
- Do you have difficulty determining when a file was transferred, where it went, and if it even got there? Do you sometimes have to spend hours or days searching?
- At times, is the scheduling of file transfer jobs a monumental challenge (for example, manually rescheduling every job when a password changes)?
- Do your end users sometimes circumvent IT and use unauthorized file transfer solutions that put confidential claims data, pharmacy records and patient information at risk?
- Given these everyday challenges, do you feel you’re already playing 'catch up' when it comes to implementing the measures that are required by landmark legislation such as the Affordable Care Act?”
Visibility and Auditing
Having zero visibility into file transfers is just asking for trouble. Imagine a critical file never made it to its destination. What if it was mistakenly sent to the wrong person? Now IT must hunt the wayward file down, unravelling an array of errors, exceptions and problems that could solve the mystery. For security, compliance and peace of mind, IT must always and easily know, for example, what clinical data was sent, where it went off to, if it was actually received, and when and how exactly did it get there? And just as critical: the real-time status of the data.
You can’t have file visibility if your file transfer system is not centralized. Often this is due to a reliance on a patchwork of home-grown systems – usually scripted systems. Such a hodgepodge is inefficient, insecure, confusing and almost impossible to maintain.
For healthcare organizations, you may have different systems for different use cases, such as one for radiology and another for obstetrics—both with loads of “band-aid” fixes scripted along the way.
A better way is a single, centralized, consolidated secure file transfer solution for doctors, nurses, administrators, and partners.
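The questions above (what was sent, where it went, whether it arrived, and when) map onto one audit record per transfer. The sketch below is an added example, not MOVEit code or anything from the whitepapers; the function names, recipient labels and the local copy standing in for the real transport are assumptions.

```python
import hashlib, json, shutil, tempfile
from datetime import datetime, timezone
from pathlib import Path

def sha256_of(path):
    """Hash a file in chunks so large imaging files do not load into memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def transfer_with_audit(src, dest_dir, recipient, audit_log):
    """Copy src into dest_dir (stand-in transport), verify receipt, log the outcome."""
    src, dest = Path(src), Path(dest_dir) / Path(src).name
    sent_hash = sha256_of(src)
    # The record holds metadata only; file contents never enter the log.
    record = {"file": src.name, "sha256": sent_hash, "bytes": src.stat().st_size,
              "recipient": recipient, "destination": str(dest),
              "sent_at": datetime.now(timezone.utc).isoformat(),
              "status": "failed", "error": None}
    try:
        shutil.copyfile(src, dest)
        # Receipt check: re-hash what landed and compare with what was sent.
        record["status"] = "delivered" if sha256_of(dest) == sent_hash else "corrupt"
    except OSError as exc:
        record["error"] = str(exc)
    # Failures are logged too, so a missing file can be traced in one place.
    with open(audit_log, "a", encoding="utf-8") as log:
        log.write(json.dumps(record) + "\n")
    return record

def find_transfers(audit_log, filename):
    """Answer 'where did this file go?' from the central log."""
    with open(audit_log, encoding="utf-8") as log:
        return [r for r in map(json.loads, log) if r["file"] == filename]

def demo():
    with tempfile.TemporaryDirectory() as tmp:
        tmp = Path(tmp)
        report = tmp / "radiology_report.txt"
        report.write_text("constructed sample content, not real PHI")
        (tmp / "partner_inbox").mkdir()
        log = tmp / "transfers.jsonl"
        ok = transfer_with_audit(report, tmp / "partner_inbox", "partner-clinic", log)
        bad = transfer_with_audit(report, tmp / "missing_dir", "other-site", log)
        return ok["status"], bad["status"], len(find_transfers(log, report.name))

if __name__ == "__main__":
    print(demo())
```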
Email Not the Secure File Answer
Many shops still rely on old fashioned email for file transfers since attaching a file is something everyone can do. While this is fine for non-sensitive data, it is one of the worst things you can do with a sensitive, compliance-regulated file.
Besides the insane security risk (file interception, sent to the wrong recipient or even an entire distribution group), email is not made for large files. Many mail clients limit the size of file attachments to 10MB or less—not nearly enough to accommodate unstructured, multimedia formats such as ultrasound video files, audio files, images, and so on.
Meanwhile, transferring large files through email servers causes performance degradation problems that impact reliability and file delivery.
Having many copies of large attachments gobbles up allocated storage and leads to massive storage management headaches.
And of course, IT has no visibility as to where the files are—a real problem when auditors come calling.
FTP Better Than Email, but Not Nearly Good Enough
FTP (short for File Transfer Protocol) file transfer solutions beat the pants off email, but have limits no healthcare organization should put up with.
The main problem is the lack of a method for encryption during file transport, meaning your sensitive health data could be intercepted during transport. FTP solutions, which rely on manual processing with no native means for automation and integration with business processes, are not scalable. If you want to automate and integrate, you go back to your in-house script jockeys to write customized scripts.
Meanwhile, files stored on an FTP server stay there until someone takes them off. This is a big burden for account administrators, who must take action for every single-time setup, deletion or change management process. Finally, FTP solutions lack the great stuff Managed File Transfer offers, including connectivity, administration, automation and reporting.
The Bottom Line: ROI Your CEO Will Thank You For!
MOVEit not only solves secure file transfer challenges, it pays you back at the same time, as the graphic below indicates.
Case Study—the Hattiesburg Clinic Transfers Thousands of Files With Ease
The Hattiesburg Clinic in South Mississippi has its hands full, taking care of over 500,000 Mississippians facing various health challenges. With such a burden, the last thing the sprawling clinic needs is file transfer problems.
The clinic faced a heap of issues manually scripting file transfer solutions and overcame them with file transfer automation provided by MOVEit. It turns out Managed File Transfer (MFT) was the perfect medicine for safe, efficient, compliant file transfers.
The clinic needed to transfer thousands of files quickly and safely. Unfortunately, the scripting it employed to securely, quickly and automatically transfer files was anything but easy. “It was time-consuming to write the scripts, test them, and be thorough and thoughtful with the process. It’s not simply a copy command. You want to make sure that it’s received and do all the failsafe checks and things of that nature,” said Josh Hazel, Director, Clinical Server Systems. “It became very time-consuming. When we sat down to write a new script for a new process, we would pull our hair out and say, ‘We have got to find a better solution.’”
Prior to MOVEit, it took the clinic’s IT staff 30-60 minutes to write each script. “With MOVEit, it’s in minutes,” said Stephen Klauk, Data Extractor for the clinic’s database system. Not only that, the clinic has a process that took minutes to create but is also proven, repeatable, and trusted by IT. “And it logs itself and keeps track of everything it has done,” Klauk added. MOVEit has been part of the organization for around seven years and works so well the clinic no longer bothers to collect metrics. But when it did, the results were stunning. “In the early days, we tracked back how long it took us for these various scripts we wrote for tasks compared to creating a new script or a new process in MOVEit. It would take seven minutes versus the 45 minutes to an hour or 90 minutes,” Hazel said. “Early on, we did track, and we had significant savings. I don’t recall the percentages, but it was 80-plus percent improvements just in time and resources. We don’t even think about writing those long, arduous scripts. We go straight to MOVEit, create a task and set it up. It’s a no-brainer.”
Learn more in our Health Clinic Files Get from There to Here with No Wrong Turns Using MOVEit case study.
Case Study—Manipal Hospitals Cuts File Transfer Time by 85%
Manipal Hospitals operates the third largest hospital in India with multiple care facilities located across five states, catering to around 2 million patients from India and overseas every year.
The hospitals’ previous file transfer approach left the IT team with the burden of manually managing each transfer process. It was no easy task – the team not only had to manage large volumes of data across 200 users, but the process also required extensive setup for each new user request.
The IT department needed to ensure that the flow of information between internal users, hospital partners and patients was seamless and secure. These data transfers had to be reliable and easy to track so files could be accessed quickly and there would be no delay in the exchange of crucial information. Data security was also a key concern to protect patient privacy and ensure compliance with internal/external audits.
Automating file transfer with MOVEit is generating big dividends for Manipal Hospitals. “We estimate that we have reduced time spent on administrative tasks, such as creating individual users or ensuring transfers are running successfully, by as much as 85%. With MOVEit, our team has more time to focus on value-added projects, accelerating our pursuit to continue as the Healthcare IT leader in the country,” said Ashish Gupta, Deputy Manager for Manipal.
Learn more in our Manipal Hospitals Entrusts MOVEit with Secure and Fully Automated Sensitive Data Transfer case study.
Get More Info
Learn more about secure file transfer with our MOVEit Cloud Healthcare data sheet.
You can also check out our eBook 7 File Transfer Challenges of Healthcare IT.