The Perils of Vendors Storing PHI

Healthcare IT Security

March 15, 2017
security breaches and cyber-attackes on healthcare companies

Recently over 14,000 Medicare recipients of Brand New Day’s health plan had their personal records exposed due to an error from a third party vendor. According to HealthITNews, the breached data included PHI such as names, addresses, dates of birth, contact information, and Medicare ID numbers. Though this breach was unintentional, it leaves one wondering, why or how do these HIPAA violations keep occurring. Healthcare environments have many moving parts, so much so that third parties vendors with varying specialties are required in order to provide all levels of service for patients. However, the inherent danger of such partnerships is the handling of PHI through these various services. The moment an organization grants access to this data to their partners, the uncertainty of PHI hand-off ensue.From malicious intent to basic human error, the breach of patient data can originate from many points. A vendor’s IT department could backup the PHI on a laptop for any reason. That laptop could then become lost or stolen, thus exposing patient information. Employees of third parties could also become victims of phishing scams or ransomware attacks, that makes the entire database on their internal servers vulnerable. The point really is more of a question. With such risk, how do you manage which vendors should access and store your PHI?Our philosophy at QliqSOFT is this: If a vendor does not need PHI, then the vendor should not store PHI. That is why we developed our exclusive Cloud Pass-ThruTM architecture, which only utilizes cloud-based servers as a conduit for transferring encrypted messages between Qliq secure texting users. In contrast, legacy client-server messaging architecture  stores all messages and PHI in the vendor’s cloud server creating unnecessary security risks.  Keeping this data only opens vendors to potential breaches such as the one mentioned above. To learn more about how QliqSOFT and its family of secure communication products, CLICK HERE to request a demo.

The Author
Ben Henson

A lifelong communicator, this Tennessee native got his start in broadcast news before branching out into public media, corporate, communications, digital advertising, and integrated marketing. Prior to joining QliqSOFT as the company's first marketing team member, Ben shared his talents with organizations that include the University of Alabama, iHeartMedia, and The Kroger Company.

Related Content

Customer Success Story:

No items found.
Related Story:


Want our blogs in your inbox?
Subscribe for more!

Thank you!
Oops! Something went wrong while submitting the form.