Any commercial entity working in the healthcare sector – including dentists, dental practices, and their business associates – is required by law to take adequate precautions to safeguard the protected health information (PHI) they store, transmit and process, as dictated by the Health Insurance Portability and Accountability Act (HIPAA). WeTransfer is one of the most popular file-sharing solutions in the world, used by millions of people every day. But is WeTransfer HIPAA compliant – and can dentists use it to send files containing electronic PHI (ePHI)?
What Is HIPAA?
HIPAA was first signed into law in 1996 in a bid to set out data protection guidelines with which healthcare companies must comply when handling PHI. In this context, PHI refers to all information that an organization holds regarding the medical history of a patient, including data relating to any conditions a person has suffered from and any treatment they have already received or may receive in the future. PHI also encompasses the individual’s insurance data, bill payment information, and anything that might be defined as sensitive.
As technology has advanced, the way that businesses store and share such information has changed significantly. To accommodate those changes, HIPAA has been revised and expanded several times since its inception, with provisions now made to cover the processing of ePHI as well.
Although the legislation is quite complex, it basically boils down to implementing the following three safeguards when handling PHI and ePHI:
- Administrative safeguards: a company’s internal policies and procedures geared towards achieving overall compliance with HIPAA.
- Physical safeguards: the physical defenses that a company has put in place to stop unauthorized access to the data in question.
- Technical safeguards: the technological safeguards that are adopted to protect the integrity of file sharing, storage, and other communications made over open networks.
It’s this latter aspect that is of particular concern to healthcare companies such as dental practices when they outsource their file transfer and storage needs to a third party, like WeTransfer. HIPAA is a legal requirement and non-compliance can result in substantial fines, lawsuits, reputational damage, and a loss of business. So, is WeTransfer HIPAA compliant?
Is WeTransfer HIPAA Compliant?
The short answer to this question is no. With its headquarters in Amsterdam, WeTransfer has rapidly grown in popularity over the last decade and it now services millions of clients sharing billions of files all over the world on a daily basis. However, the system has not been set up to cater specifically to the healthcare sector in the US, or even to comply with American legislation. As the company itself explains: “We are not HIPAA compliant because it focuses on medical data and our service was primarily built to cater to creative minds. Also, we have a global audience to cater to and it has proven to be quite difficult to make exceptions on a country-level. Since we are not bound by US laws, we aren’t obliged to comply with HIPAA regulations.”
This means that dentists, dental practices, and their business associates cannot use WeTransfer. HIPAA is rigorously enforced across the USA and failure to comply will incur severe consequences.
What Happens if I Use WeTransfer Anyway?
Any dentist who forgoes the HIPAA regulations and uses WeTransfer to share sensitive information on their patients is liable for prosecution. Not only could this take the form of an initial fine for failure to prevent an avoidable breach in data security by not complying with HIPAA legislation, but failure to address the issue within 30 days could see them face criminal charges. As for the fines themselves, these are imposed by the Office for Civil Rights and can reach a maximum of $1.5 million for every year that the violations took place, per category of violation. To date, the largest fine imposed on these grounds was issued to health insurer Anthem, after a 2015 breach saw the health records of 78.9 million individuals become compromised. Anthem reached a settlement with the OCR for $16 million and was reported to have paid a further $115 million to settle lawsuits from affected parties.
Clearly, such eye-watering sums represent the extreme end of what can happen if a dental practice fails to comply with HIPAA data protection legislation by using WeTransfer. However, even a mere fraction of that sum would be more than enough to bankrupt most smaller enterprises, meaning an alternative solution must be found for any business serious about staying on the right side of the law.
What Other Options Are Available?
The best course of action for any dentist wishing to remain HIPAA compliant when handling their patients’ sensitive information is to use a specialist service dedicated to the purpose. This means identifying a data storage, backup, and file-sharing company that has HIPAA compliance baked into its DNA. Not only will this ensure that your patients’ important data is kept safe from the unwanted attention of cybercriminals, but it will also ensure your business remains compliant with HIPAA.
Central Data Storage
Fortunately, help is at hand in the shape of Central Data Storage, or CDS for short. Launched in 2008, CDS represents the gold standard when it comes to providing HIPAA compliant data storage, online backup, disaster recovery, and business continuity in the healthcare sector. CDS was set up with the specific purpose of safeguarding ePHI for HIPAA covered entities and their business associates, making CDS an ideal choice for any dentist looking for a viable alternative to WeTransfer.
Best of all, CDS offers a free trial of its backup and recovery services for anyone who wishes to test out its wares before committing to a monthly or yearly plan. After taking advantage of the free month-long trial period, you can migrate to CDS’ Pro or Enterprise plans, meaning you’ll never have to worry about HIPAA compliance ever again.
Discover more about what CDS can do for your business today.
