Issue link: https://securitytechnologyexecutive.epubxp.com/i/690996
12 SECURITY TECHNOLOGY EXECUTIVE • May/June 2016 www.SecurityInfoWatch.com CYBERTECH UPDATE Mia Papanicolaou is Chief Operations Officer for document security specialist; Striata Inc. Papanicolaou joined Striata in 2006 and having worked in Africa and the UK, now heads up North, Central and South American operations. She is a regular speaker on her areas of expertise – secure electronic document delivery and email marketing. H B y M ia Pa p a nic o la o u ealthcare call centers play a vital role in ser- vicing patients, improving patient-practi- tioner communication and leveraging oper- ational efficiencies to contain healthcare costs. The steady digitization of patient records has broug ht about significant improvements in ser vice efficiency and patient care. While inevitable, this digital transformation introduces new challenges associated with safely storing, processing and sharing documents containing person- ally identifiable information (PII) and pro- tected health information (PHI). The healthcare sector holds the unfortunate position of having the "highest number of data breach incidents compared to other indus- tries". Incidents such as the LA hos- pital ransom attack and the data- base breach at Anthem Inc. prove that healthcare data presents an attractive target for cyber-crimi- nals, allegedly fetching a 10 to 20 times higher premium on the black marke t over commonly hacke d credit card data. Despite the risks, healthcare pro- viders and their outsourced call centers are compelled to make docu- ments easily accessible in order to provide quality customer ser vice. In addition, patients themselves are demanding the ability to access their own records through channels such as email, web, and mobile apps. However, moving to digital doc- umentation should not pose an automatic risk of breaching highly confidential patient information. In fact, if implemented correctly, a digital doc- ument management solution offers signifi- cantly more security and control than tradi- tional document management systems. Patient documents need to be protected at all points in the digital journey. Whether stored in a document repository, accessed at the call center, traveling via the Internet Tips for Protecting Patient Documents in Call Centers Attention to security details can help call centers safeguard patient information (continued on page 14) or sitting on the patient's own computer. This can be achieved using a combination of encryp- tion technologies, password protection, access control and of course, education. Here are 5 top tips for protecting patient documents: Tip 1: Control access at document level A digital document management solution should offer multiple layers of access control that enable a healthcare call center to compartmentalize and restrict access to different patient documents. Agent seniority or clearance should dictate what functions he/she can perform on a document: view, download or share. As an example, certain private patient records can be password protect- ed so that the only access to a call center is the ability to send the document to the patient when requested, rather than the agent being able to view the details of that document. Tip 2: Provide ongoing agent education The easiest way for criminal to breach security and access a repository of confidential documents is by tricking or compromising an employee. In a call center environment, which suffers from high employee turnover, this fear is compounded. Be sure that all agents understand and operate by the security guidelines when it comes to accessing and sharing patient documents. Constantly rein- force that one should never click on links or open documents from an unknown source as this is a common method used to install malicious soft- ware that effectively puts the hackers inside the secure network. Tip 3: Use multiple layers of protection As cybercriminals continue to get smarter, tra- ditional network and database security are not sufficient. To truly secure a patient's documents, multiple security layers are required, to the point