UPDATED: December 10, 2020
YOUR DATA IS AT RISK! This is a scary, but real concern. As healthcare professionals, we’re surrounded by personal and patient data. Unfortunately, privacy and protection awareness is highly focused on patient data, leaving little advocacy for travel employees healthcare data security. The responsibility is ultimately on employers and employees to avoid unsafe practices and navigate processes on their own.
Healthcare data security should be at the top of the list for all travel health professionals. The healthcare marketplace puts added vulnerability on professionals’ data, and it’s your responsibility as a traveler and/or recruiter to deploy best practices to keep everyone safe.
Healthcare travelers and their recruiters do a great deal of remote data transfer, especially during major onboarding phases, like:
1. Texting of certifications
2. Emailing credentials
3. Faxing licenses
4. Texting DOBs & SSNs
5. And more – you see where we’re going with this
Travel healthcare staffing firms, HR departments, and compliance teams collect and store thousands of healthcare professionals’ personal information for potential lead sourcing, which creates a gold mine for those pesky hackers searching to acquire massive amounts of sensitive personal data.
Names, DOBs, SSNs, medical records, banking information, addresses, and other important professional information are expected to be in an employee’s (or potential employee’s) profile. As we’ve heard in recent days, many large agencies are already suffering from data security issues and travelers are at risk of bearing the long-term costs of these issues through their lost time, worry, and potential financial loss.
There’s a time and place for using emails and texts. Many times our conversations using these channels are harmless, but when it comes to sharing personal data, you need to think twice before hitting “send”. When it comes to healthcare professionals and staffing agencies, the need for urgency encourages reckless means of aggregating and exporting data as fast as possible. Travelers and recruiters resort to convenient and swift (read: insecure) means to send and receive that info, adding to the growing number of personal data vulnerabilities from hackers.
That said, it’s not all scary and there are ways to protect your data. Let’s start with understanding “encryption”. At a top level, encryption is the process of taking plain text, and using a “key” to turn that data into gibberish (technically called cypher text). This gibberish line of information can only be unlocked if you have the encryption key.
Here’s an example:
Name: Casey Maxwell
Non-Encrypted: Casey Maxwell
Encrypted: $dbZ31dfv rz35#afva!f1dfv1dfv
While communication between you and your email provider may be encrypted, the connection from your provider to the destination server is most likely not encrypted.
When speaking about insecure texting, we are talking about SMS (short message service). Sending personal data via SMS means your information is not encrypted and can be viewed by mobile carriers or intercepted by hackers.
1. Avoid unsafe practices
2. Be wary of emailing/texting personal information and documents.
3.Read privacy policies and ensure the entities you choose to share with are using safe practices.
4. Select a credential management platform, like Kamana, that makes healthcare data security a top priority.
5. Treat your personal data with as much care as your bank data.
1. Mandate encryption of all data transmissions. Also consider encrypting email within your company if personal information is transmitted.
2. Update your technical infrastructure. Enhancing your security tools will add an increased layer of data protection.
3. Establish a written policy about privacy and data security and educate all employees in best practices. Discuss what types of information are considered sensitive and set clear expectations on recruiter responsibilities in protecting it.
4. Provide your healthcare applicants a secure, mobile-friendly way to apply and onboard with your agency, so they’re not encouraged to send this info over email.
While Kamana prides itself on being an educated team with strong data security practices, we are not a data security consultant. We recommend all healthcare professionals, individual recruiters, and staffing agencies seek dedicated support for their technical needs. It’s everyone’s responsibility to remain security minded to ensure all healthcare professionals enjoy a data-secure career.