Cirius Blog in


Update: For our readers who have a subscription, an adapted version of this article was recently published on


Closing the Door on Patient Data Breaches – One Email Message at a Time

Sometimes million dollar problems can be solved with simple solutions. As one of the most common collaboration tools available today, email also represents a huge Achilles heel for healthcare organizations who may find themselves under investigation for inadvertently leaking patient information through this common tool. As email is often the first choice for exchanging patient information, HIPAA’s goal to secure patient data underlines the need for healthcare organizations to secure their email communications.

In California, several hundred patients learned that their personal health information had inadvertently been leaked and was now viewable on internet search engines.

In New York, theft of an employee’s cell phone exposed patient email addresses when it was discovered that the staff member had not complied with the hospital’s security policies. While the employee had used password-protection, encryption was not applied.

In Wisconsin, a chiropractic clinic was forced to notify 3,000 patients when personal data was removed by a contractor.

In fact, turning to any internet search engine with the query “breach of patient data” will yield you more than 3,000,000 hits. Shockingly, the first page of search results list incidents that have occurred anywhere from the past few days to the past few hours. Patient data loss is a daily occurrence that impacts patient privacy while exposing medical clinics, hospitals and personnel who are usually liable for the breach.

As more and more health organizations turn to electronic records and online collaboration to share information in an effort to transform healthcare for patients, the opportunity for mis-use or loss of data increases. According to Healthcare IT News, the numbers are growing at a phenomenal rate – 29.3 million or an increase of 138 percent of HIPAA data breaches between 2012 and 2014 have been reported. And an equally frightening number are the penalties facing healthcare organizations as millions of dollars in fines are now being levied every year.

Dig a little deeper into some of these stories of patient privacy violation and you often find a common culprit. Email. The very bedrock of how we expect to communicate leaves us vulnerable to attack from a variety of sources.

Understanding how best to secure your email communications means finding ways to incorporate solutions that align to user behaviors. While educating staff on security policies and procedures is critical, when dealing with hundreds or thousands of full and part-time staff, contractors and volunteers, ensuring that those policies are always adhered to can be like chasing confetti in a Chicago windstorm – a certain percentage will probably get away.

Fortunately, there are solutions designed to harness the problem at its root by wrapping an unobtrusive layer of protection around your email communication platforms and protecting both your employees and your organization with filtering, permission rules and authentication to prevent transmission of sensitive information. And in many cases, it even includes the ability to “call back” the secure messages and attachments after the fact – like bringing the horse back into the barn after the door has been closed.

Many of those solutions are quietly being developed on the backs of technology giants like Microsoft who have invested millions of dollars to ensure their technology platforms such as Azure have designed features that support HIPPA compliance at the most fundamental levels.

Microsoft Azure was the platform selected by Cirius to build secure messaging solutions for healthcare because it enhanced their capabilities to deliver efficiency, agility and scalability while enabling the highest levels of data security features. It represents exactly what healthcare organizations need:

  • the commitment of technology leaders to deliver foundational platforms that support HIPPA compliance initiatives;
  • thought leadership from software application providers who can deliver unique solutions designed to stop data breaches before they begin.