Compared to other services like Dropbox, Tresorit’s solution is much safer, compared to manual encryption, it’s less hassle, and compared to other online services, it offers a much better overall package.
Data that’s worth more than credit card numbers
"There is not, and has never been, any risk to patient care as a result of this error," asserted junior health minister Jackie Doyle-Price in a statement to the UK Parliament in the summer of 2018. The error she was referring to was nothing short of a national fiasco. The NHS - the UK’s national healthcare organisation and the world’s largest single-payer healthcare system - had discovered a massive data breach affecting 150,000 patients. To add insult to injury, it turned out to be, for lack of a better word, an “inside job”. GPs across the UK record patient consent to their information being used for their direct care only or also for research and auditing purposes in a widely used system, SystmOne. Due to a simple coding glitch, however, opt-out patient requests had never reached NHS Digital. Meaning that their private medical data had made its way to clinical audit research.
Of course, the software was quickly debugged, victims were duly notified and apologies were issued in abundance. And, as the government official pointed out, no real damage had been done. Still, many argued that in any case, this glaring failure should have been a wake-up call for the healthcare industry and, even more so, for those in charge of industry players’ security management practices. Especially because ill-gained patient records are a hot commodity on the black market, being worth a staggering ten times the value of credit card numbers. “There should be more awareness across the industry when it comes to data protection. Healthcare data is the most sensitive information you can possibly have. And most of us definitely don’t want to share it with anyone, except maybe doctors and family,“ says Dr. Tobias Zimmermann, a medical doctor and research fellow at the Cardiovascular Research Institute of the University Hospital in Basel.
Streamlining information transfer: the case for an all-round data sharing tool
Tobias speaks from experience. As researchers, he and his colleagues work on far-reaching international clinical studies on critical areas, such as the early detection of coronary artery disease or the rapid and accurate diagnosis of cardiac syncope. For their research, members of the research institute recruit patients from all over the globe so the findings can be generalised for the world’s entire population, not just patients in Switzerland. So the stakes are high, both scientifically and in terms of IT security. “We’re working with a whole network of hospitals, centres and external partners from all parts of the world", Tobias explains. That is why finding a solution for data and information transfers which is universally available and easy to use while still keeping data safe, was key for him and his team. And as Switzerland has some of the world’s strongest privacy and data safety laws, only the highest available level of security would be good enough.
He started digging for encrypted file transfer solutions online, looking at cloud services but also stand-alone tools like PGP encryption. His undertaking was no small feat. The research centre needed a system that was easy to use and easy to implement for people of varying technical ability, and was available anytime, anywhere for transferring and managing files.
Simple, safe and user-friendly: Tresorit’s solution for better data hygiene
“I came across Tresorit and compared it to other similar service providers. It had by far the best package and service for our needs,” Tobias says. He wasted no time pitching the idea to the head of the research institute, who jumped on it right away; data safety has been a huge concern for the institute’s management. And as it turned out, fellow researchers welcomed the new solution, too. An email announcement was sent out informing them about the roll-out of the new, unified system and it was met with an overwhelmingly positive response. “At first, there were minor hiccups, of course. Some partners had trouble downloading the installer because of the hospital network’s safety instructions or couldn’t login. But once we’d smoothed these issues out, data sharing became much easier and safer for everyone,” Tobias remembers.
Today, internal and external collaborators alike use Tresorit’s file and sync-sharing tool to share and manage research-related patient data. “It easily integrated with their existing applications like Microsoft Outlook. There’s no need to use any additional complicated software to encrypt email attachments, use add-ons or split large files. People from my research group come up to me all the time and say how convenient it is,” he says. “This is an absolutely fantastic offer and help for nonprofit organizations such as ours. So compared to other services like Dropbox, Tresorit’s solution is much safer, compared to manual encryption, it’s less hassle, and compared to other online services, it offers a much better overall package,” Tobias sums up.
Interested in learning more about HIPAA compliance and the cloud? Check out the following material:
The Cardiovascular Research Institute Basel (CRIB) is part of the University Hospital of Basel’s Department of Cardiology. Its main focus is clinical research on acute cardiac conditions and improvements of established processes in many fields of clinical medicine.
Sharing confidential patient information between hospitals and with external partners over insecure channels
Everybody using different tools
Need to comply with strict industry regulations
Colleagues and partners are not necessarily tech-savvy
Secure cloud storage with the opportunity to collaborate with external partners
Built-in email attachment function with ease of use
Seamless implementation and roll-out, positive reception