25% off all training courses Offer ends May 29, 2026
View HIPAA Courses
Learner Login Learner Support
Learner Login Learner Support
25% off all training courses
View HIPAA Courses
Offer ends May 29, 2026

The HIPAA Journal is the leading provider of HIPAA training, news, regulatory updates, and independent compliance advice.

Survey Highlights Challenges in Healthcare with Managing Sensitive Content in Communications

Posted By on Jul 25, 2024

Kiteworks (formerly Accellion, Inc.) has published the findings of a 2024 survey of professionals in the IT, security, and compliance sectors that has identified some of the challenges faced with managing sensitive content in communications. In healthcare, 53% of surveyed healthcare organizations said they used 5 or more communications tools for sharing sensitive content, comparable with other industry sectors, and while the same percentage of healthcare organizations believe they could track and control sensitive data when sent internally, only 44% shared that confidence about tracking and controlling sensitive data when sent externally.

When asked about the most important privacy and compliance priorities regarding the communication of sensitive data, 61% of respondents said the prevention of leakage of confidential IP and corporate secrets. Interestingly, that ranked more important than the avoidance of regulatory violations, which was a top priority for 56% of healthcare respondents. Those figures were 56% and 48% across all industry sectors. There has been an increase in the enforcement of the Health Insurance Portability and Accountability Act (HIPAA) since late 2019, and this is likely to be one of the main reasons why the avoidance of regulatory violations is higher in healthcare than in other sectors.

The extent to which sensitive data is shared with third parties and the number of third parties that receive sensitive data from healthcare organizations makes managing third-party risk a significant challenge in healthcare. 69% of healthcare respondents said they share sensitive data with more than 1,000 third parties, with 24% sharing data with between 2,500 and 4,999 third parties, and 14% sharing data with more than 5,000 third parties.

It is reassuring that healthcare organizations were among the most mature for tracking sensitive data when it leaves an application, with 74% of respondents believing they could track and control more than three-quarters of sensitive content once it leaves an application. Only manufacturers were better with 79% of respondents able to track and control three-quarters of sensitive data after leaving an application.

Get The FREE
HIPAA Compliance Checklist

Immediate Delivery of Checklist Link To Your Email Address

Please Enter Correct Email Address

Your Privacy Respected

HIPAA Journal Privacy Policy

Even though sensitive content control was generally good in healthcare, 90% of healthcare respondents admitted that there was some or significant room for improvement with the measurement and management of compliance for sensitive content communications. The biggest compliance focus areas were the EU’s General Data Protection Regulation (GDPR) for 46% of healthcare organizations and HIPAA for 41% of healthcare organizations.

Assessing the risk of exposure of sensitive data, especially protected health information, is a key priority in healthcare and this is one of the main areas where the HHS’ Office for Civil Rights has imposed financial penalties for noncompliance. 91% of healthcare organizations said their measurement and management of security risk associated with sensitive content communications require significant or some improvement. 41% of healthcare organizations admitted to experiencing breaches of sensitive content four or more times, with 27% saying seven or more times.

When it comes to securing sensitive communications, advanced security capabilities and practices (e.g. encryption, multi-factor authentication, and governance tracking and control) are only used for some sensitive content by healthcare organizations 44% of the time. A majority of healthcare organizations said they tag and classify more than three-quarters of unstructured data, compared to 58% across all industries, although only 26% said 80% of unstructured data needs to be tagged or classified.

According to the report, a significant amount of time is devoted to managing logs generated by communications tools in healthcare. 58% of respondents said they must reconcile more than 11, with 11% of respondents admitting to spending more than 2,500 hours annually on the task and 64% spending more than 1,500 hours a year on the task.

Author: Steve Alder is the editor-in-chief of The HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

x

Is Your Organization HIPAA Compliant?

Find Out With Our Free HIPAA Compliance Checklist

Get Free Checklist