Security Risks with PHI Transmitted by Messaging and Call Centers

Author: Matt Ferrari
Chief Technology Officer

In my work, I see a lot of hospitals, from very large ones with 5,000 or more physicians to very small practices with five or fewer doctors dedicate time and energy to security and compliance, and yet overlook a huge gaping hole that opens them to risk: answering services and call centers provided by third-party vendors.

Are you one of the vulnerable practices? It’s eye-opening to consider that PHI is being transmitted via phone and text without security measures in place as patients’ names, dates of birth, phone numbers, images and more are stored on answering service machines and transmitted unsecurely via text to and among physicians. Yet, it’s critically important that physicians and care providers quickly get patient queries to understand and diagnose the urgency of a patient condition.

Because of that, I’m excited to share the fourth in my CTO Talk series on HealthCareNOW Radio (with previous episodes streaming on-demand via SoundCloud) with Callidus Health co-founders Dr. Ganesh Elangovan and Gerrit Adams. In a best-in-class example, these two have created a cloud-based clinic communication solution that is speeding medical care to patients in need, while securing their PHI in the process.

I don’t think many patients fully grasp how complex the back end of making EMRs (electronic medical records) secure actually is. The Callidus CareLINK system efficiently captures the recording of the call and quickly transcribes it, links it to the right physician, labels and structures the data and does it all on a fully cloud-based platform using IOS or Android systems where nothing lives locally on machines. They’ve spent considerable time and resources really thinking through where the data goes, where it lives, when it expires, how notes are taken and stored, and what happens to image storage.

It was their goal to build their CareLINK platform on top of AWS.  They made it clear when they partnered with ClearDATA that they did not want to have to devote time and energy to thinking about the compliance / security concerns, but instead wanted to focus on building a great patient experience, and leave the security to us at ClearDATA. I think we can all benefit from learning more about their process in this podcast.

One of many advantages of being part of the ClearDATA team is we get selected to partner with innovators like this that are changing the way healthcare is delivered. CareLINK’s first cloud provider actually went down for two days, which led Callidus on a search to find a healthcare-specific, HITRUST, HIPAA-compliant cloud platform with relentless up time, as their work is clearly mission-critical. As we do our job, we can get the details of security and compliance out of their way, so they can innovate at scale.

What they’re doing is changing and protecting the way patients quickly get care, and the road ahead looks equally as exciting as they use the data and technology to increase patient engagement. Everybody wins on this one.

Give it a listen on HealthcareNOW Radio here, Monday-Friday at 7 a.m., 3 p.m. or 11 p.m. ET from Jan 22 – Feb 26. Stream my past podcasts covering SRAs, incident management and more here, available on demand. You can learn more about our work with Callidus in this case study.

Thank you for subscribing!