Safely share sensitive client information


(James Hisey) #1

We have a client who needs to share very sensitive client information. They use a password protected shared drop box now but know that it is not really secure.

Does anyone have a good alternative or method to safely share information on cloud based services?


(charles dinsfriend) #2

We trust Google Drive more than Dropbox or Box.

FWIW,
Chuck D


(Dan Roberts) #3

Depending on the tier of Dropbox you’re using, it is HIPAA compliant and should be secure enough to share sensitive client information (with the disclaimer that the end-user configurations must also be secure, i.e. passwords, sharing settings, etc.). No matter what cloud service you use, none of them will be bullet-proof. I’d say to stick with what they’re familiar with so there is no risk of information being inadvertently leaked due to the user being unfamiliar with the new platform.


(BJ Beier) #4

We currently use a service called LeapFILE. When you want to send a secure document to someone, it uploads it and stores it on their website for the other user to download. They must have a password to access the download (should be sent via text or on a phone call for best security). We also have the files set to expire after 10 days. There are more options for expiration such as as soon as it’s downloaded, or X days after it’s downloaded. Keeps secure documents out of email boxes in case they are compromised and expired files can’t be accessed if an account gets compromised.


(Dan) #5

We use Barracuda secure email. The service is included with our email firewall. But we had been using NeoCertified for years. I can recommend both of these.


(Joel) #6

Citrix ShareFile may be something to consider. It has an add-in for Outlook, provides notification(s) and can link directly to digital signatures for further security verification.


(Rachael Chosnek) #7

We use our secure email anytime we need to send or receive confidential information outside of our organization. I have used LeapFILE and Barracuda; both are easy to use.


(Amber Simpson) #8

We use Citrix ShareFile for confidential communications with our clients. Each client has their own dedicated folder only they can see and all the confidential documents get uploaded there. Our users like that they can have very granular permissions within their shared folders, so only certain people at a client can see particular files/folders, even within that client’s folder.


#9

We’ve been using Citrix ShareFile for all communications with our clients and partners for all outgoing attachments for the past year. The ability to transmit files up to a GB, link expiry, notification of file retrieval and the option to request secure delivery to ourselves from clients have been very beneficial.


(Ed Becker) #10

We have used ShareSync from Intermedia.net with great results. Data is encrypted at rest and in transit, password protection is available but not required, and it has been highly available. Try it out!


(Ed Becker) #11

Be careful, Dan, there is nothing that is HIPAA compliant; only people following processes, with the result that personally identifiable data is not viewed by an unauthorized person, is the only HIPAA compliant setting. Google the “Wall of Shame” for a long list of folks who used HIPAA compliant systems and were fined or jailed. In the end, it is the imperfect human that is responsible to follow protocol and processes to maintain HIPAA compliance. I have not yet been to a hospital, physician, doctor, or dentist that did not have multiple HIPAA violations apparent when I walked in to register with the receptionist. No system or software can save us from ourselves.


(David Reid) #12

Been testing ShareFile from Citrix and agree with others it is more secure and easier to use than Dropbox.


(William Holmberg) #13

Varonis DatAnywhere is a good medium-priced solution that adds value through both desktop and mobile apps, and allows us to send a URL to a customer to view a specific document we control; we can set the duration of availability, whether it is editable, and also whether it can even be printed.

They also do other security offerings; check them out.


(Mandy) #14

Varonis, Citrix ShareFile, Box (Enterprise, not free)


(James Endicott) #15

The City of Kent uses Sophos Secure Email Gateway for filtering and email encryption. It has intelligence to block PII.


(Shawn M. Thomas) #16

We also use Citrix ShareFile & RightSignature and love it.


#17

We have CPA and financial clients who feel Citrix ShareFile meets their needs.


(Courtney McDowell) #18

We use Virtru encryption for emails/attachments sent outside the agency’s domain, and Google Drive for internal emails. Virtru integrates well with Google Apps (our email service) and obviously Drive is the default option for file-sharing within the agency (other than network drives). As others have said though, HIPAA compliance only goes so far. We have a standard password policy implemented in the agency, and the users I have observed changing passwords tend to exceed the length (at least) requirements, so I feel as secure as I can be with allowing the sharing of client info through Drive. (It also helps we disallow use of anything older than IE11, and recommend the use of Chrome or Firefox instead of IE altogether. Edge is, no pun intended, an edge case as we have about six people in our ~250-employee agency on Windows 10, and two of those are us in IT.)


(James Hisey) #19

Thank you all for your great comments, they helped a lot!


(Brian) #20

Our company is averse to having our data in the cloud so we installed ownCloud, which is hosted on premise. This has worked well for us as it supports password protection and link expiration.