Secure Messaging via the Cloud and Mobile Devices

April 21, 2011
| Reprints
Data Security Issues Emerge with New Technologies

EXECUTIVE SUMMARY:

The secure messaging space is alive with new innovations that are moving the industry forward. Key in this space is the push toward moving secure messaging to the cloud and pushing it out to mobile devices. Among the examples are solutions that allow physicians to receive encrypted email on mobile devices, as well as ones that allow doctors to securely text-message each other to coordinate care. However, the security issues around these emerging technologies in this very active space must be further explored.

With more and more clinical information systems moving to the cloud, a small but growing number of healthcare organizations are also moving their core email messaging systems to the cloud. According to the Cambridge, Mass.-based Forrester Research, the main players in the cloud email space are Google Apps, Microsoft's Exchange Online, Cisco's WebEx Mail, and IBM's LotusLive Notes.

JUST SWITCHING OVER TO GOOGLE GOT THE SERVERS OUT OF OUR DATA CENTER AND INTO THE CLOUD, WHICH MEANS LESS ADMINISTRATIVE OVERHEAD FOR EMAIL AND MORE TIME TO SPEND ON THE CLINICAL APPLICATIONS THAT WE MAINTAIN HERE. -JON ROENICK

When the Westminster, Md.-based Carroll Hospital Center started experiencing reliability and performance issues with its email, alternatives to its legacy Novell GroupWise (Waltham, Mass.) messaging system needed to be investigated. Slow email, even slower servers, and increasing amounts of monthly maintenance, were becoming too much for the 195-bed hospital to handle.

Hunt Regional Healthcare, which has a main 202-bed hospital in Greenville, Texas and a 24-bed critical access hospital in Commerce, Texas, had been using IBM's Aptrix messaging system. The hospital had a hybrid system, an external, Internet-facing email and an internal exchange server for personal health information (PHI). “Either possibly with a case of ignorance or maliciousness, the capacity of some user to be able to send unencrypted PHI was just looming greater and greater on the horizon, so we had to do something,” says Joe Hartley, director of information systems at Hunt Regional. Hartley also cited outages before and after Aptrix's acquisition by the Cambridge, Mass.-based IBM as another reason for moving to Google Apps.

EFFICIENCIES IN THE CLOUD

Those interviewed for this article cite many efficiencies that the cloud can provide their messaging services. Jon Roenick, systems engineer at Carroll Hospital, says his organization's new cloud-based messaging system has more storage than the legacy system, and email doesn't have to be deleted as regularly. “Just switching over to Google got the servers out of our data center and into the cloud, which means less administrative overhead for email and more time to spend on the clinical applications that we maintain here,” he says. Carroll Hospital was also able to get rid of the BlackBerry (Research in Motion, Waterloo, Canada) server, and save approximately $100,000 yearly with the switch.

Greg Walton
Greg Walton

For legal purposes, Carroll Hospital retains emails for 10 years. Doing this in the cloud with Google's Message Discovery tool makes compliance much easier and more cost-effective, according to Kim Moreau, assistant vice president of information systems. With 11,000 accounts to migrate, Moreau says there were only a couple of blips along the way. To avoid unforeseen problems, she set up “lunch-and-learns” to educate her users, but many of them were already familiar with Gmail's functionality.

WE STILL HAVE A LOT OF INSTITUTIONS THAT DON'T HAVE DLP AND THAT ARE ALLOWING WEBMAIL. IT'S BASICALLY A BACKDOOR FOR SENSITIVE DATA TO LEAVE WITHOUT ANY ENCRYPTION. - MAC McMillan

Mac McMillan, chair of the Privacy and Security Steering Committee of the Chicago-based Health Information and Management Systems Society, notes that Google's commercial products have good security track records, as data are stored in encrypted volumes, and when paired with Google's Postini security and encryption products, it's an even better option.

Page
of 4Next
Topics