Posted on July 24, 2019 | | Categories: Compliance
Are you part of a health agency or healthcare organization in New Zealand that uses traditional fax machines or other insecure data transfer methods to share patient information and communications? If so, you’ll want to pay close attention to the January 2020 and December 2020 deadlines for compliance with the Ministry of Health’s Health Information Security Framework (HISF) Chapter 8.
HISO 10029:2015 Health Information Security Framework is a standard for the New Zealand health and disability sector, published in December 2015. The standard is governed by the Health Information Standards Organization (HISO) which was established in June 2003 as a committee operating under the authority of the Ministry of Health and is accountable to the Chief Technology and Digital Services Officer. A recently released requirement in HISF Chapter 8 (Communications) dictates that health agencies should retire analogue fax machines for external communication by December 2020. The organisation asserts that all PII (patient identifiable information) must be protected at rest and in transit. With traditional email and fax listed as two of the most commonly used tools for transmitting patient data in the healthcare industry, their aim is to address the issue of non-compliance with security requirements as outlined in the HISF standard.
The specific implementation guidance on securing digital communications provided by HISO also states that health agencies are required to comply by enabling TLS version 1.2 or later on email servers with incoming or outgoing email connections over public internet by January 2020. Additionally, and effective immediately, healthcare agencies should not purchase any new analogue fax machine equipment and implement a secure, approved digital alternative by December 2020. Among the recommended alternatives to analogue fax are digital solutions that provide secure email scanned documents, secure messaging, and/or secure collaboration.
GoAnywhere Managed File Transfer (MFT) addresses the overall objective in HISF Chapter 8 in multiple ways:
GoAnywhere MFT’s Secure Mail enables health agencies and other security-conscious healthcare organisations to transmit messages, files, and attachments through secure channels with the convenience of email functionality. Health professionals can transmit protected health information over TLS version 1.2 connections to provide a link to sensitive data. Secure Mail enforces authentication restrictions on the recipient to ensure that confidentiality is not compromised. Until the data is retrieved by authorised recipients, the contents are encrypted at rest using strong AES 256-bit ciphers. Secure Mail offers greater protection than traditional email, removes file size limitations, and provides a valuable encrypted email tool to ensure compliance throughout your organisation.
Your team can access and send Secure Mail messages via our web browser interface or utilise the plugin for Microsoft Outlook to send ad hoc messages and data back and forth between patients, other healthcare offices and vendors such as insurance companies or pharmacies. Granular permissions controls, plus detailed audit logs enable you to keep track of every transfer.
Protecting the confidentiality and integrity of data at rest is a constant challenge facing organisations operating in the healthcare sector. GoAnywhere MFT’s Secure Folders offer an easy to use solution for protecting sensitive data at rest across your healthcare agency’s enterprise and allowing for secure collaboration as dictated by HISF Chapter 8. Secure Folders enables web users to store and access sensitive data through an easy-to-use online interface. Data is encrypted using strong AES 256-bit encryption on enterprise storage locations, even in commercial cloud environments if desired. Data at rest is then accessible by authenticated and authorised users via a browser interface over HTTPS. By integrating Secure Folders with other GoAnywhere MFT features, your organisation can safeguard data throughout its lifecycle as required by HISF.
The GoDrive module further compliments GoAnywhere’s file transfer capabilities by offering a secure means to share and collaborate on files between networked and authenticated devices. File permissions can be restricted by administrative users as necessary to maintain the confidentiality of sensitive health data while also applying strong AES 256-bit encryption. Folders can even be securely shared to mobile devices through the convenient GoDrive solutions for Windows, MacOS, or the mobile app. In the worst-case scenario of a lost or compromised device, GoDrive can even remotely remove access to files and wipe folders if necessary.
The Secure Forms module allows you to create and embed forms on a web page so that you can simplify the process of everything from inputting new patient information, to standardising follow up documentation and communication, or requesting information and large attachments from patients.
GoAnywhere can be installed on nearly any platform on premises or in the cloud, allowing for your healthcare agency to easily deploy the software in minutes. No programming skills are required. The intuitive browser-based web interface with easy drag-n-drop functionality, plus detailed documentation helps get your team up and running quickly.
Compliance with the requirements of HISF Chapter 8 can be a simple transition with the implementation of GoAnywhere in your network. GoAnywhere Managed File Transfer is scalable to accommodate the needs of healthcare agencies of all sizes, plus it can be customised to your budget and needs to include only the modules and features that suit your organisation.
If you’d like to learn more, we invite you to request a custom demo where we can show you exactly how GoAnywhere can help your organisation, or if you prefer to try it on your own, feel free to download a 30-day free trial from our website.