The Perils of Vendors Storing PHI
Recently over 14,000 Medicare recipients of Brand New Day’s health plan had their personal records exposed due to an error from a third party vendor. According to HealthITNews, the breached data included PHI such as names, addresses, dates of birth, contact information, and Medicare ID numbers. Though this breach was unintentional, it leaves one wondering, why or how do these HIPAA violations keep occurring.
Healthcare environments have many moving parts, so much so that third parties vendors with varying specialties are required in order to provide all levels of service for patients. However, the inherent danger of such partnerships is the handling of PHI through these various services. The moment an organization grants access to this data to their partners, the uncertainty of PHI hand-off ensue.
From malicious intent to basic human error, the breach of patient data can originate from many points. A vendor’s IT department could backup the PHI on a laptop for any reason. That laptop could then become lost or stolen, thus exposing patient information. Employees of third parties could also become victims of phishing scams or ransomware attacks, that makes the entire database on their internal servers vulnerable. The point really is more of a question. With such risk, how do you manage which vendors should access and store your PHI?
Our philosophy at QliqSOFT is this: If a vendor does not need PHI, then the vendor should not store PHI. That is why we developed our exclusive Cloud Pass-ThruTM architecture, which only utilizes cloud-based servers as a conduit for transferring encrypted messages between Qliq secure texting users. In contrast, legacy client-server messaging architecture stores all messages and PHI in the vendor’s cloud server creating unnecessary security risks. Keeping this data only opens vendors to potential breaches such as the one mentioned above.
To learn more about how QliqSOFT and its family of secure communication products, CLICK HERE to request a demo.