Protecting patients means protecting their data. In healthcare, the aftermath of a security incident is about far more than the bottom line. Data loss events can have a devastating impact on the victim. Suppose we stay true to the mantra of "do no harm" in the medical field - this concept must now be applied to cybersecurity.
However, innovation shouldn’t be dependent on behavioural change. Today, we see the very prospect of new IT causing stress and frustration for teams as they prepare to undertake hours of training and navigate complex new workflows to manage the simplest tasks.
As demand on services increases, every opportunity to power data driven decision making and cohesive communication across siloed teams must be seized. It’s time to take a more progressive approach to data security, with technology built to empower efficiency, security and improve patient care.
In this report, we will investigate the challenges and opportunities of smart technology for every clinician, patient and team within an integrated care system (ICS).
One click, catastrophic consequences: Data incidents in the NHS
St George's Hospital in Tooting hit the headlines last year when an 82-year-old cancer patient’s data was accidentally leaked by email. Details regarding Edmund Pillay’s health were shared with close family members without his permission. St George's Hospital provided £2500 in compensation.
Incidents of this nature are more common than many of us realise. According to research, data leaks associated with the UK NHS have doubled in recent years, with 669 reported incidents in 2021.
It isn’t solely service users who have experienced the fallout of a data incident. Recently, the data of an estimated 14,000 employees at an NHS hospital trust was leaked via email due to human error, according to reports.
While healthcare organizatons have been the target of a number of targeted attacks, (for example, the Conti ransomware attack which disrupted Ireland's healthcare service), arguably the most damaging and distressing data loss incidents can be caused by a well-meaning member of staff accidentally clicking the wrong button.
The dark side of technology for clinical staff
In a recent report, we investigated how healthcare professionals are balancing patient care and cybersecurity. 99% of healthcare professionals stated they want to be free to focus on patient care, but feel that technology takes time away from their core tasks.
In total, almost half of the healthcare professionals we surveyed said communication channels have increased over the past two years, and that too many data sharing and collaboration tools are the greatest cause of data security worries. We also found that over-investment in new technology can increase feelings of stress and overwhelm in the workplace.
On the other hand, email remains the preferred option for communication across healthcare organizations, with 88% of respondents stating email is crucial for their day-to-day roles. What’s more, most employees consider email to be the most secure way of sharing sensitive data.
However, as evidenced by the real-life examples highlighted above, we also uncovered the glaring issue that can't be trained out of staff: human error. Over the past two years, 30% of healthcare workers have sent a wrong attachment, 27% have hit "reply all" on an email by mistake, and 20% have sent sensitive information via email that they admit they probably shouldn't have. Indeed, according to the ICO, healthcare continues to lead the way in reported data incidents.
And this should come as no surprise. Naturally, above all other sectors, healthcare employees handle vast quantities of sensitive data every day. The answer does not lie in reducing the amount of data these employees share - instead, the focus must be on enhancing existing digital channels to ensure security, compliance and enabling better communication for clinicians and their patients.
“For us, Zivver is part and parcel of a wider suite of security tools available to us, most of which are invisible to our staff. And while employees know they are using Zivver, due to its integration with Outlook, they don’t have to think about it, because it makes achieving digital communications security so effortless.” West Suffolk NHS Foundation Trust
Communications across siloed teams
It is time to change our mindset. Patient care must comprise of both the physical and digital worlds, with two areas of focus:
- Time-poor staff must be empowered by technology to protect patient data and engage with patients in a user-friendly, accessible manner
- This same technology must drive efficiencies for staff, enabling them to focus on patient care without being distracted by digital security and compliance
Both health and social care are complex systems composed of millions of interactions and connections that are neither uniform or standardized. As the NHS undergoes one of the biggest and most ambitious reforms since its inception, success will rely on the cohesion of care providers, connecting with one another and with their patients.
Establishing interoperable technology to empower reliable, consistent and compliant communication between separate organisations and teams will enable the best outcomes of patients.
With demand at an all time high and workforces stretched thin, this needs to be done in the most efficient way possible, without breaking service delivery.
Will this be achieved through big IT systems and apps? No.
It will be best served through simple but effective, tried and tested IT infrastructure.
Zivver and the NHS: The platform in practice
Used by thousands of healthcare organizations globally, Zivver empowers clinical services to securely and accessibly support patients through smart, effortless, secure email and file transfer. With multi-factor authentication and advanced encryption inbuilt into existing email clients (Outlook, Gmail), Zivver empowers separate healthcare agencies to engage with each other, and with patients, securely and easily.
From enabling two-way secure communication between GPs and patients, to reducing wait times in outpatient care, Zivver powers progressive, secure communication across integrated care services (ICS), including for:
- Hospital outpatient services
- Primary and community services
- Local communities
“Zivver integrates with Outlook and enables us to send large files straight from the email client. This comes in useful for many of our employees. For example, our Subject Access Request Team fulfills requests of all sizes; they can vary between 50 and literally thousands of documents. Historically, we have posted these, which is both time-consuming and very costly. We have also used a bespoke file transfer site but this has proven less than user-friendly for recipients. Zivver saves time, ensures best practice on a data protection front, and is easy for patients.” Royal Papworth Hospital NHS Foundation Trust
Let’s examine some real life use-cases to better understand the opportunities of Zivver for ICS delivery:
Hospital outpatient services
Outpatient care has never been under more pressure, with record waiting times and a growing need to efficiently prioritise patients requiring urgent care.
Zivver empowers outpatient services to better support their caseloads, and enhance secure interactions remotely. Here's how.
Checking in on tonsils
The challenge
Patients experiencing issues with their tonsils require consistent care from their ear, nose and throat (ENT) specialist. It is likely they will be symptomatic at different points during their wait, making it difficult for clinicians to prioritise waiting lists and deliver timely care.
Solution:
With Zivver, patients can share videos, documentation and images with their ENT specialist securely and easily. Zivver enables large file transfer up to 5TB, allowing patients to supply a large quantity of high quality images and video files if needed.
Benefits:
- Patients can demonstrate symptoms as and when they are symptomatic.
- Data is shared securely and can be stored digitally, creating a secure and reliable record of patient symptoms to aid care delivery plans. Files can be shared securely with other teams and clinicians if needed.
- Specialists can identify and prioritise urgent cases, improving wait times and patient treatment.
“One of the main things that attracted me to Zivver was the fact that it enables two way secure email. This means that not only can our employees email securely, but non-Zivver users outside of the trust, including patients, can email our staff securely, too. Zivver makes this really easy. Recipients don't need to create Zivver accounts or log in to any portals. It’s as easy as replying to an email! Previously, this hasn’t been possible but this functionality is beneficial for so many reasons.” Royal Papworth Hospital NHS Foundation Trust
Primary and community services
Care in the community is rapidly changing, with local PCNs and community services looking to offer support closer to home and interact in new ways. For patients receiving longer term care or on specific pathways, remote support can be hindered by a lack of effective and digitally inclusive communication channels. Zivver empowers local services to securely and reliably communicate with patients remotely. Here's how.
Children’s Speech and Language Therapy (C-SaLT)
Challenge:
Children’s Speech and Language Therapy (C-SaLT) services often struggle to assess child stammers as symptoms often do not happen on command and video consultations aren’t always viable.
Solution:
Zivver enables two-way communication with patients, allowing parents to securely send recordings of their child in real-time to the C-SaLT team.
Patients don’t need to create accounts to use Zivver. They can send secure emails and files by clicking a link provided by the care team or by responding to a clinician’s email.
Zivver also enables patients and doctors to send large files (up to 5TB) securely by email.
Benefits:
- For both patients and clinicians, email is familiar and user-friendly.
- With advanced encryption, two factor authentication (2FA), expiration controls, and recall functionality, clinicians and patients can rest assured their data is protected.
- From the comfort of home, patients can engage with their clinicians conveniently and effortlessly. Zivver empowers care teams to deliver remote care and support, saving time and improving care.
“Not only do our employees love it, but we’ve had great feedback from patients, too, through clinicians. These are people who had previous experience with our old solution; they were keen to share that they much prefer Zivver due to how much simpler it is to use. They don’t need to have an account for Zivver, they use a one-time password and that’s it - they have access to their information.” West Suffolk NHS Foundation Trust
Connecting the local community
With the introduction of the integration and place-based care agenda, as well as the cohesion between health and social care, clinical services and the wider community, secure and accessible communication is essential to successful reform.
However, this brings the need for connections across a variety of organisations. Zivver offers an accessible and interoperable solution for stakeholders to engage cross-organisationally. Here's one example of how.
A school’s SEND team sharing information with a universal school health service
The challenge:
With universal school health service models growing increasingly stretched, providing assessment, support and advice in partnership with the school team can be a challenge when addressing complex needs.
The solution:
Zivver enables secure two-way communication between schools and practitioners. Schools outside the NHS email infrastructure can share information such as photos, documents and videos securely by email.
Benefits:
- With the ability to send up to 5TB by email, schools can share large multimedia files securely to support the delivery of care.
- Email is reliable and easy to use for schools; non-Zivver users can share data securely, without creating accounts.
“We can apply MFA to authenticate the identity of patients and they can choose the method of authentication they would prefer to use. Patients will often opt for a code sent via SMS. However, for those who don’t have access to a mobile phone, they can choose to receive a password by email. And once we’ve engaged with an individual once, their authentication method is stored for next time; we don’t need to keep setting it for every email.” Royal Papworth Hospital NHS Foundation Trust
Download the report for more examples of Zivver in practice across an ICS.
Learn more about how Zivver supports thousands of healthcare organizations globally.
What next?
Read: Read our latest case study with Royal Papworth Hospital NHS Foundation Trust
Learn: Latest research | Improving patient care: Is email the answer to more secure comms?
Watch: Webinar | What could healthcare services achieve with Zivver?