Confidentiality, Privacy and Security

Data Leakage

  • 1.  Data Leakage

    Posted 06-16-2020 15:08


    Hi
    Is anyone auditing emails to external parties our cloud based sharing platforms such as Box or Dropbox to ensure that PHI or sensitive data is not leaking out of the organization?  If so, who performs these audits?  Thank you!

    ------------------------------
    Dana Williams
    Privacy Officer
    Baptist Health
    ------------------------------


  • 2.  RE: Data Leakage

    Posted 06-17-2020 11:48
    Dana,

    We block access to sharing platforms such as Dropbox.  We allow a few exceptions, which must be pre-approved by the manager and Privacy Officer, for individuals  who need access to Dropbox for their job role, such as the Marketing Department.  These individuals provide a signed confirmation that they understand no PHI or proprietary information  will be transmitted to or stored on Dropbox.


    ------------------------------
    Dana DeMasters, MN, RN, CHPS
    Privacy/Security Officer
    ------------------------------



  • 3.  RE: Data Leakage

    Posted 07-04-2020 08:36
    Dana...I am seeing more organizations put some type of automatic scanning application in place to review for possible PHI or other sensitive information sent by unsecured email.  Like many systems, these typically scan for alphanumeric strings of characters/numbers that may represent PHI or sensitive information.  Since these applications "sit on top" of the subsystems that manage email functions, often IT is centrally involved.

    When these applications identify a "hit", these hits which include the email and its attachment(s) are sent to the Privacy Officer for review.  These can be very effective because often the emails are getting sent to the intended recipients...but...people sometimes get lax sending them in a secure manner.

    ------------------------------
    Frank Ruelas
    Compliance Professional
    Arizona
    ------------------------------