Emailing That Business Document Could Cost You $100K in Fines

The way we share files is broken.

Digital documents have become a daily part of most office environments, but most employees are still share documents using E-mail or relatively insecure technologies such as FTP.

Healthcare organizations must follow strict guidelines when working with or transmitting a patient’s Protected Health Information (PHI), mandated by the Health Insurance Portability and Accountability Act (HIPAA). Financial services firms are gearing up to meet requirements for the Gramm-Leach-Bliley Act (GLBA), which helps protect consumers’ private financial information from “phishing” or “pharming.”

 “Ask a group of office workers how they would send a file securely from one person to another (with the recipient being able to easily receive and view the file), and the likelihood is that they will not know how to accomplish that task,” said a white paper by Biscom, “Secure Information Exchange in an Unsecured World. “It is not uncommon practice today for many companies to send confidential or sensitive information, files, and data across a medium that is insecure – namely email, FTP, and the Web – technologies that were not designed to address security or robust reporting requirements.”

This is both a security threat and a financial hazard in many cases, as compliance laws are making it costly to share certain documents unsecurely.

Enforcement of such regulations is on the rise, too. The first year after Sarbanes-Oxley act was in effect, 250 investigations were launched and 25 CEOs were found guilty.

GLBA violations call for both civil and criminal penalties that can reach up to $100,000 in civil penalties for each violation, so ignoring how documents are sent can be costly.

“One of the major requirements of many compliance regulations is the need to view and audit transaction records for deliveries, notification, and pickup by recipients,” notes the white paper by Biscom. “Transactions involving the content creation and editing process are also important in understanding who has created, updated, or deleted data,” so even secure FTP options are not enough in many cases.

What’s needed is a product like Biscom Delivery Server, which provides a solution for sending and receiving files and messages from point to point over a secure connection. Authentication and tracking give system administrators fine grained reporting capabilities. An open, Web service like API provides easy integration with existing applications and databases, and is compatible with almost any language or computing platform and environment.

Email just doesn’t cut it, nor does ignoring the issue of secure document sharing.

“With the increased enforcement of compliance regulations, a growing number of hackers attempting to steal confidential data, SPAM filters removing valid messages, and additional strains put on email servers, a system that can provide better security and make communications more efficient is becoming increasingly more valuable and necessary,” noted in the whitepaper.

For more on the topic, download the white paper here.