Top Tips for Protecting Patient Documents in Call Centers

By Mia Papanicolaou

Healthcare call centers play a vital role in servicing patients, improving patient-practitioner communication, and leveraging operational efficiencies to contain healthcare costs. The steady digitization of patient records has brought about significant improvements in service efficiency and patient care. While inevitable, this digital transformation introduces new challenges associated with safely storing, processing, and sharing documents containing personally identifiable information (PII) and protected health information (PHI).

The healthcare sector holds the unfortunate position of having the “highest number of data breach incidents compared to other industries.” Incidents such as the LA hospital ransom attack and the database breach at Anthem Inc prove that healthcare data presents an attractive target for cyber-criminals, allegedly fetching a ten to twenty times higher premium in the black market over commonly hacked credit card data.

Despite the risks, healthcare providers and their outsourced call centers are compelled to make documents easily accessible in order to provide quality customer service. In addition, patients themselves are demanding the ability to access their own records through channels such as email, web, and mobile apps.

However, moving to digital documentation should not pose an automatic risk of breaching highly confidential patient information. In fact, if implemented correctly, a digital document management solution offers significantly more security and control than traditional document management systems.

Patient documents need to be protected at all points in the digital journey, whether stored in a document repository, accessed at the call center, travelling via the Internet, or sitting on the patient’s own computer. This can be achieved using a combination of encryption technologies, password protection, access control, and education.

Here are five top tips for protecting patient documents:

Tip 1) Control access at the document level: A digital document management solution should offer multiple layers of access control that enable a healthcare call center to compartmentalize and restrict access to different patient documents. Agent clearance should dictate what functions staff can perform on a document: view, download, or share. As an example, certain private patient records can be password protected so that the only access within a call center is the ability to send the document to the patient when requested, rather than let the agent view the details of that document.

Tip 2) Provide ongoing agent education: The easiest way for criminals to breach security and access a repository of confidential documents is by tricking or compromising an employee. In a call center environment, which suffers from high employee turnover, this fear is compounded. Be sure all agents understand and operate by the security guidelines when it comes to accessing and sharing patient documents. Constantly reinforce that one should never click on links or open documents from an unknown source as this is a common method used to install malicious software that effectively puts the hackers inside the secure network.

Tip 3) Use multiple layers of protection: As cybercriminals continue to get smarter, traditional network and database security is not sufficient. To truly secure patient documents, multiple security layers are required, to the point of encrypting and protecting each individual document even if it resides on a secure network. This also ensures that information sent via email between a call center agent and patient cannot be compromised if intercepted or sent to the wrong recipient. It also protects the document               1) against unauthorized access from someone inside the network; 2) if a call center agent doesn’t have sufficient rights to view patient information; and 3) if a compromised employee or a hacker is using stolen, but valid, credentials.

Tip 4) Help patients secure their documents: Make it a policy to never send or store unprotected documents containing confidential information. An emailed or downloaded document is saved automatically on certain devices and if unprotected, it becomes vulnerable if the device is hacked. Assist patients with safeguarding their information even when it resides on their own computer by distributing only encrypted and protected files; train call center staff to let patients know the importance of this protection.

Tip 5) Enforce a strong password policy: In order to secure patient documents from all vulnerabilities, a strong password approach is essential. This applies to the password an agent uses to access internal systems, the one a patient uses to log onto a self-service portal, or even the password used to open an individual document. If the password is weak, all other security is bypassed. Educate agents and patients on the value of using only strong passwords and the risks of using easily cracked passwords such as “123456,” “abc123,” or “password.”

The demand for anytime, anywhere access may be patient driven, but digital transformation is highly beneficial for a healthcare call center seeking to boost efficiency, improve communication, and enhance the patient experience. By taking advantage of these simple security tips, a call center will not only be able to deliver a strong customer service experience, but also provide the technologies needed to safeguard their information.

Mia Papanicolaou is chief operations officer for document security specialist Striata Inc. Mia joined Striata in 2006 and having worked in Africa and the UK, now heads up North, Central, and South American operations. Striata provides strategy, software and professional services that enable digital communication across multiple channels and devices. Striata technology secures, sends, and stores confidential documents.