Secure Health Information Exchange (HIE) Doesn’t Have to be Complicated


What are the options for individual physicians and doctors’ offices when it comes to securely sharing information electronically with other healthcare providers? It seems for many it’s not entirely clear what standards and technologies can be used to support and ensure security compliance when it comes to health information exchange (HIE).

As a recent article on points out, sharing secure health information between physicians can only be done when those healthcare providers are within the same “electronic community”. While factually this statement is correct, it is somewhat misleading because it implies that being in the same electronic community is more complicated that it is. If you know the email address for the person to whom you want to send information securely, you are in the same electronic community. It doesn’t need to be more complicated than that.

There are many established HIE communities, but what happens if a physician wants to securely send patient data to a healthcare provider in another state or even another country outside of the HIE community? Today’s encryption and message control tools take this into consideration. As long as you have a person’s email address it is not only possible, but also easy and inexpensive to send secure messages and file attachments that support compliance with HIPAA security requirements.

Some of these tools – and Cirius is one of them – work seamlessly directly within existing email software like Microsoft Outlook, Office 365 and Gmail. This is important because it means users keep the same email address and never have to leave their regular email when they want to send a message securely. What’s more, these products often include a host of other control features that add far greater value from both a business and security perspective than compliance-level encryption does alone.

For example, in addition to message encryption, users are able to totally and instantly recall a message sent in error even after it has been opened. This feature is crucial because even if you are sending content securely to someone within your electronic community there is still a chance for errors such as sending to the wrong contact or a typo in the email address. Encryption solutions alone won’t prevent this from happening.

Also, central to creating a secure communications loop for exchanging sensitive information is the ability to track and see in real-time the moment a secure message is received at its destination. This feature, too, is not necessarily something included with all encryption products so it is best to check with the solution provider.

Additionally, the ability to add an optional second password to a secure email is one of the most effective ways to ensure no one but the receiver can access the encrypted message. This second password is provided directly to the recipient using a means other than email (such as by telephone or text message) so that the sender has 100% certainty that the intended recipient – and no one else – received the email.

The bottom line is that with the growth in cost-effective cloud-based security solutions, accessing the best email encryption tools to protect communications and support compliance does not have to be confusing, expensive or complex.