How to Avoid HIPAA Violations Using LinkedIn

If you or anyone associated with your healthcare practice’s email account is utilizing LinkedIn’s new Intro service, you need to be aware that it may be a privacy and security nightmare for your practice.  It is imperative that healthcare providers fully investigate this new technology, and prohibit its implementation to avoid potentially devastating penalties and data breaches.

LinkedIn’s new Intro service integrates with Apple’s iOS native mail application, and sends incoming and outgoing email messages through LinkedIn’s servers.  Forbes.com’s security contributor, James Lyne, explains that, “the application works by re-configuring your e-mail to proxy through LinkedIn servers . . . . [This] allow[s the] LinkedIn servers to act as a man in the middle for your e-mail.  In other words their servers sit in between you and your normal e-mail systems to provide the feature.” Forbes.

Essentially, by using LinkedIn Intro, you are allowing LinkedIn to read, analyze, and modify all of your emails – even emails containing protected health information (“PHI”).  For health care providers, this is not acceptable.  Health care providers have a duty to protect the privacy and security of their patients’ PHI, and utilizing LinkedIn’s new Intro service seems to open the door to cyber criminals, potential data breaches, and privacy/security vulnerabilities.

Tell us how you analyze technology to stay compliant with the HITECH Act and Final Rule to avoid breaches?   Share your ideas with us by clicking on the comment button below.  We’d love to hear from you.

Get “News You Can Use” delivered directly to your e-mail inbox. Click here to Subscribe.

 

 

 

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.