Security

The Danger of Shared Email Accounts in Healthcare: Avoiding Legal Risks and Building Patient Trust

April 17, 2024

Imagine a healthcare agency dedicated to serving its community, yet unknowingly putting patient privacy at risk with each click of 'send' to an email account. In today's digital age, safeguarding sensitive health information isn't just a legal obligation—it's the cornerstone of trust and integrity in healthcare. 

Let's explore why relying on 'shared@communityhealthcare.ca' for referrals could be a costly oversight, jeopardizing both patient confidentiality and the agency's reputation.

Email and Referrals… a bad match

Using email for sending and receiving referrals is a poor practice that can lead to significant privacy, security and compliance issues. 

Inadequate Security Measures: Standard email lacks robust security measures. Most email services do not provide end-to-end encryption, making the content vulnerable to interception during transmission and exposing sensitive patient information to a breach.

Potential for Human Error: Emails can be easily sent to the wrong recipient, leading to unintentional disclosure of PHI. Such errors not only breach patient confidentiality, but also open up the organization to legal liabilities and loss of trust.

Challenges in Auditing and Monitoring: With email, it is difficult to maintain a comprehensive audit trail. Healthcare agencies need to track who accessed specific patient information and when. Emails, especially those sent from shared accounts, do not provide the necessary level of detail to maintain a reliable audit trail.

Record Keeping: Proper documentation and tracking of referrals are essential in healthcare for continuity of care and legal reasons. Secure systems designed for healthcare referrals often have features that ensure proper tracking and logging of communications, which standard email systems lack.

Lacking Consent Interface: Email has no specific method, such as a click-through agreement, for ensuring consent is actively collected before proceeding with a referral. Such a consent interface establishes a clear record and helps protect confidentiality by ensuring all parties involved understand and agree to the referral process before information is shared. Furthermore, such an interface can enable revocation of a referral, and deletion of patient health information, if consent is later withdrawn - something that cannot be done with email. 

Simply put, your standard Outlook email inbox is not PHIPA or HIPAA compliant.

Example: Eastern Ontario Data Breach

Incident: In 2016, an Ontario Hospital experienced a data breach when emails containing sensitive patient information were sent to incorrect recipients. 

Details:

  • Human Error: Staff at the hospital mistakenly sent referrals containing personal health information (PHI) via email to the wrong recipients.
  • Lack of Encryption: The emails were not encrypted, making the information vulnerable to interception and unauthorized access during transmission.
  • Inadequate Security Protocols: The hospital lacked adequate security protocols and training to prevent such errors and to ensure that sensitive information was sent securely.

Consequences:

  • Patient Privacy Compromised: The breach compromised the privacy of numerous patients, exposing their sensitive health information to unauthorized individuals.
  • Regulatory Scrutiny: The breach prompted an investigation by the Information and Privacy Commissioner of Ontario (IPC), which scrutinized the hospital's email security practices and compliance with privacy regulations.
  • Public Trust Eroded: The incident was damaging to the hospital’s reputation and undermined patient confidence. The hospital had to undergo significant remediation efforts. 

Lessons Learned:

  • Standard email services lack the encryption necessary to support referrals between organizations.
  • Secure online forms, whether on the organization's website or for system-to-system referrals, are the necessary alternative to email.

Going from Bad to Worse - Shared Email Accounts 

Shared email accounts, such as 'navigators@seniorhealthcompany.com' or ‘intaketeam@hospital.com’, allow multiple staff members to access the same inbox using the same credentials. Unfortunately, this seems to be common practice when multiple staff share a role. This further exacerbates the problems of email.

Lack of Accountability: Sharing an email account makes it nearly impossible to track who accessed or sent specific emails. Healthcare agencies need to know who accessed specific patient information and when; emails, especially those sent to or from shared accounts, do not carry that level of detail, so a reliable audit trail cannot be maintained and compliance with privacy regulations cannot be demonstrated.

Individual accounts are also a precursor to Role-Based Access Control (RBAC), which can further restrict each person's access to what their specific role requires.

Security Vulnerabilities: Shared email accounts increase the risk of unauthorized access. For example, an employee who leaves the organization but still knows the shared password could continue to access sensitive patient information. Two-factor authentication also becomes problematic with a shared account, because 2FA relies on a second factor tied to one individual, such as a code delivered to that person's mobile device. This lack of control over email access poses a significant security threat.
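The accountability and 2FA problems above leave footprints in sign-in logs, and a defender can look for them. The following script is an added example, not Caredove's code: it reads a constructed mailbox sign-in log (timestamp, account, source IP, device id, whether MFA was used; the format, field names and thresholds are all assumptions) and flags accounts that show the signatures of shared use: more distinct devices than one person would plausibly carry, near-simultaneous sign-ins from different devices, and sign-ins that were never protected by a second factor.

```python
"""Flag mailbox accounts whose sign-in pattern suggests shared credentials.

Added example; the log format below is constructed and the thresholds are
assumptions, not values from any product or regulator.
"""
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Dict, List

# Constructed sample log: one successful sign-in per line.
# Fields: ISO-8601 UTC time, account, source IP, device id, mfa=yes|no
SAMPLE_LOG = """\
2024-04-17T08:02:11Z intaketeam@hospital.example 10.0.4.12 dev-a12 mfa=no
2024-04-17T08:05:40Z intaketeam@hospital.example 10.0.4.57 dev-b07 mfa=no
2024-04-17T08:06:02Z intaketeam@hospital.example 203.0.113.9 dev-c33 mfa=no
2024-04-17T09:15:00Z intaketeam@hospital.example 10.0.4.12 dev-a12 mfa=no
2024-04-17T08:10:00Z j.smith@hospital.example 10.0.4.21 dev-d01 mfa=yes
2024-04-17T12:30:00Z j.smith@hospital.example 10.0.4.21 dev-d01 mfa=yes
2024-04-17T13:00:00Z j.smith@hospital.example 10.0.7.3 dev-m88 mfa=yes
"""


@dataclass(frozen=True)
class SignIn:
    when: datetime
    account: str
    src_ip: str
    device: str
    mfa: bool


def parse_log(text: str) -> List[SignIn]:
    """Parse the constructed log format into SignIn records, skipping blanks/comments."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        ts, account, ip, device, mfa_field = line.split()
        when = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        records.append(SignIn(when, account, ip, device, mfa_field == "mfa=yes"))
    return records


def analyze(signins: List[SignIn], max_devices: int = 2,
            overlap: timedelta = timedelta(minutes=10)) -> Dict[str, List[str]]:
    """Return {account: [reasons]} for accounts that look shared or unprotected.

    max_devices: an individual with a laptop and a phone is normal; more is suspicious.
    overlap: two sign-ins from different devices this close together suggest
             two people using the account at once.
    """
    by_account: Dict[str, List[SignIn]] = defaultdict(list)
    for s in signins:
        by_account[s.account].append(s)

    findings: Dict[str, List[str]] = {}
    for account, events in by_account.items():
        events.sort(key=lambda e: e.when)
        reasons = []

        devices = {e.device for e in events}
        if len(devices) > max_devices:
            reasons.append(f"{len(devices)} distinct devices: {sorted(devices)}")

        # Near-simultaneous use from different devices (first occurrence only).
        for prev, cur in zip(events, events[1:]):
            gap = cur.when - prev.when
            if prev.device != cur.device and gap <= overlap:
                mins = int(gap.total_seconds() // 60)
                reasons.append(f"sign-ins from {prev.device} and {cur.device} "
                               f"only {mins} min apart")
                break

        # A shared account usually cannot be enrolled in per-person 2FA at all.
        no_mfa = sum(1 for e in events if not e.mfa)
        if no_mfa:
            reasons.append(f"{no_mfa} of {len(events)} sign-ins without MFA")

        if reasons:
            findings[account] = reasons
    return findings


if __name__ == "__main__":
    for account, reasons in analyze(parse_log(SAMPLE_LOG)).items():
        print(account)
        for r in reasons:
            print("  -", r)
```

On the constructed data the team inbox is reported on all three counts while the individual account, which has two devices used hours apart and MFA on every sign-in, is not. In practice the thresholds would be tuned per organization, and a flagged account is a prompt to migrate its users to individual, MFA-protected accounts rather than proof of misuse.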

Regulatory Compliance Issues: Regulations like HIPAA in the US and PIPEDA in Canada mandate strict controls over who can access personal health information (PHI). Shared email accounts often fail to meet these requirements, leading to non-compliance. Healthcare organizations could face hefty fines and penalties for failing to protect PHI adequately.

Example: West Ontario Data Breach

Incident: In 2018, an Ontario Hospital experienced a data breach due to inadequate email security. It was reported that unauthorized emails containing sensitive patient information were sent from a shared email account.

Details:

  • Commissioner Investigation: The privacy commissioner's office conducted an investigation.
  • Inadequate Controls: The shared email account was found to lack proper access controls, and there were insufficient safeguards to prevent unauthorized access to and use of the account.
  • Inadequate Security Protocols: Effective security audits were impossible given the lack of control over system access.

Consequences:

  • Patient Privacy Compromised: The breach may have compromised the privacy of numerous patients, exposing their sensitive health information to unauthorized individuals. The extent of the breach was difficult to assess.
  • Orders by Regulator: A series of recommendations and orders were issued, covering email administration, security, encryption, training and auditing.
  • Public Trust Eroded: The incident harmed the hospital’s reputation and undermined patient confidence. The hospital had to undergo significant remediation efforts. 

Lessons Learned:

  • A system of unique user accounts, for email and any other systems of record containing sensitive information, must be implemented and managed at a healthcare organization to maintain regulatory compliance.


In summary, the use of email accounts to send or receive healthcare referrals poses substantial threats to patient confidentiality, organizational integrity, and legal compliance. The examples of data breaches highlight the vulnerabilities and consequences of inadequate and insecure email-based referral practices. 

To safeguard sensitive health information, healthcare organizations must implement secure, individualized referral systems, like Caredove's access management solution, to ensure robust security measures, strict access controls and PHIPA/HIPAA compliance. By adopting these measures, healthcare providers can protect sensitive patient information, comply with regulatory requirements, and foster a trusted environment for patient care.
