My clients love sending screenshots and my staff equally enjoys receiving them. A screenshot is a great way to capture the contents of an application error message or to show the state of an application when some unexpected result occurs. From a support point of view, my staff gets to see the exact error message a client is receiving. You can’t imagine how many times they hear “a box popped up and said something like unexpected error or something”. So getting a screenshot makes troubleshooting problems a lot easier.

Our helpdesk application is an SSL-secured website which encrypts all information that is entered or uploaded. When clients upload screenshots I do not worry because I know the information is secure and encrypted. I have to admit that some clients are more screenshot crazy than others. They send screenshots of everything.

By now you are probably asking yourself why I am going on about screenshots. Although screenshots make providing support easier, they can also be a liability. A screenshot of Microsoft Word captured while someone is revising the text of a Privacy notice is no big deal. But a screenshot out of an EMR while in a patient record could lead to a security violation. The screenshot might have a patient’s demographic information and financial information or procedure codes from the patient’s last visit.

Screenshots are so easy to capture and send that your employees could easily email a screenshot to a vendor with no encryption. One could argue that it is not as easy to get the patient information from the screenshot image sent unencrypted, but I believe that all electronic patient information sent via email HAS to be encrypted.

If your practice sends screenshots to vendors to help with support issues, there are a few ways to handle the security issue.

  1. Make sure you educate your staff on the potential security risk that sending a screenshot could present.
  2. Make a policy that explicitly says that no screenshots are permitted that contain patient information.
  3. Implement on-demand email encryption and require that all screenshots that are sent are marked as secure and sent encrypted. Products such as ZixCorp and Voltage email encryption are both relatively easy to set up and are fairly inexpensive.
  4. Set up TLS email encryption between your email server and your vendors’ email servers. This will ensure that all communication between your practice and your vendors is encrypted. Furthermore, require that all Business Associates set up TLS email encryption with your email server. While that may be possible with larger vendors, you might find that smaller vendors do not have the ability or skill set to implement TLS.

Whichever steps you take, make sure your staff uses caution when sending any screenshot.
