Email and Data Exchange for Healthcare
GDPR Compliant Digitalization:
Z1 HealthSecure – Secure exchange of patient data and research results
Digitalization is unstoppable, but as significant as its efficiency advantages are, it leaves the door wide open for threats. Security, therefore, is essential for all industries, and the healthcare sector is no exception. The added value of email in healthcare goes beyond fast, simple, cost-effective, and traceable communication. Since patient data transmission has to be GDPR compliant, email and file transfer encryption can be very time-consuming if conducted manually. It is even more challenging when dealing with various communication partners and their respective technologies. Z1 HealthSecure solves this challenge through a simplified solution that ensures communication security for all participants in the medical sector.
Z1 HealthSecure – A Universal Solution for Secure Communication in the Healthcare Sector
Z1 HealthSecure is a central, highly automated encryption solution. Additionally, it adapts to a wide range of communication partners and technologies in the healthcare sector without generating extra work for your staff. Whether you are a medical or pharmaceutical facility, you can exchange emails and files stress-free with: doctors, hospitals, insurance companies, authorities, laboratories, care and rehabilitation facilities, and, of course, with patients and their relatives.
With Z1 HealthSecure, the digitalization of your communication is successfully compliant with data protection regulations in an efficient and user-friendly way. You can quickly exchange patient data, findings, second opinions, and even large files such as X-ray or MRI images: simple, secure encryption – with proof of compliance.
Z1 HealthSecure is a carefully designed system that covers the communication needs of all actors in the healthcare sector and includes patients as communication partners. It is not an isolated solution for particular communication needs, rather a holistic framework for all scenarios.
Why patient data must be encrypted for transmission
Exchanging sensitive data by plain email without any additional protective measures is a significant security risk. Spying on, intercepting, and manipulating emails is relatively easy for attackers and leaves no traces: You would not be able to see which emails have been viewed or copied. You also cannot be sure that the content you receive is exactly what the sender wrote. For this reason, the legislator has ordered protective measures to be taken, depending on how severely a security breach could affect the data subjects. When it comes to personally identifiable health information, the potential consequences for the affected individuals can be enormous. They range from professional losses and poorer contractual conditions with insurance companies to severe personal impacts.
Patient data and GDPR
Healthcare communications fall almost entirely under the European General Data Protection Regulation (GDPR). According to GDPR, since health and patient information are always personal data, their transmission must be protected with encryption or anonymization. In addition, violating GDPR stipulations results in fines. This means that all healthcare providers should already be able to send and receive encrypted emails.
Furthermore, the confidentiality duty in healthcare also applies to digital communication. Accordingly, it must be ensured that unauthorized parties do not have access to confidential email content under any circumstances.
How encryption works simply – Z1 HealthSecure
For Z1 HealthSecure, we have combined our proven Z1 solutions for email encryption to recipients with and without certificates with our solution for secure file transfer to create a tailor-made offer for the healthcare sector.
For all communication needs in healthcare
Our solution covers all purposes of secure communication in the healthcare sector. Safe message exchange is possible with partners inside and outside the hospital network: with insurance carriers, social services, medical supply stores, transport services, care facilities, research institutes, and all types of third-party business partners. With Z1 HealthSecure, compliance and security in digital communication are easily and centrally established.
The encryption of the emails is guaranteed even if the recipient cannot encrypt. With Z1 HealthSecure, you can also communicate quickly and securely by email with patients and their relatives, smaller service providers, or fee-based physicians.
High level of user-friendliness through automation
Z1 HealthSecure automatically serves all communication partners with the appropriate technology. Mandatory encryption and signature can be centrally set company-wide to exclude human error when implementing security standards. The automated key, certificate, and password management ensures that your employees are not distracted by managing and transferring current keys or passwords of patients or other communication partners.
Large files can also be exchanged quickly – to single or multiple recipients, directly from the email program or via your portal for secure uploads and downloads.
Z1 HealthSecure’s central and automated solution for email encryption and secure file transfer will do more than encrypt your communications. You not only protect yourself against fines, but you also show your patients and cooperation partners that data protection is essential to you. Moreover, you establish a high level of security in communication, which is also necessary for corresponding with health facilities subject to KRITIS specifications. With Z1 HealthSecure, you are not only ready to connect, but your digital transformation is also future-proof.
Key facts about Z1 HealthSecure
Automated email certificate procurement via preset trust center connection
With Z1 HealthSecure, you acquire the connection to a recognized trust center and the automated on-demand procurement of your employee certificates – all from a single source. Invoicing of the purchased email certificates is handled by Zertificon. You do not need to enter into an individual contract with a trust center. In addition to the simplified procurement process, you benefit from Zertificon’s reseller prices on the email certificates.
Spontaneous email encryption without certificates
Encryption with passwords has proven its worth in exchanges with patients, relatives, and smaller service providers who do not have certificates. You provide a secure information exchange infrastructure for yourself and for communication partners who have no encryption solution of their own. Z1 HealthSecure enables quick one-time communication without registering your communication partners. It also allows the easy establishment of long-term communication relationships with automatic account creation for your contacts.
You can easily personalize the web interface of your Z1 HealthSecure with a logo and colors to match your brand’s visual identity without needing any programming knowledge.
Zertificon is unique in that you can use all standard spontaneous email encryption systems in parallel (HTML, PDF, secure webmail). A function for encrypted replies is, of course, also included. For compatibility with all end devices of your recipients, there are additional apps available free of charge in the app stores.
Enforcement of compliance
Central security rules are built in to ensure that all emails that need to be encrypted are actually encrypted. A set of predefined rules has already been configured. Alternatively or additionally, user commands can be enabled. With these commands, users can decide for themselves which level of security applies to each email.
The system logs all actions and thus enables easy auditing. With a glance at the mail flow, the security status of every sent and received email is trackable in real-time.
Central email disclaimer management
With central email disclaimer management, you can integrate uniform signatures or even event or disclaimer notices into emails sent from individual users or groups.
Send and receive large files securely
Z1 HealthSecure contains a module for secure and GDPR compliant transfer of large files. The module enables you to securely upload and download data directly from your email program or web portal. With Z1 HealthSecure, you can invite your communication partners to your secure infrastructure: Your entire healthcare organization can quickly and safely exchange patient data, findings, second opinions, and even large files such as X-ray or MRI images with several MB or even GB.
Individual Z1 solutions for groups or associations
In addition to Z1 HealthSecure, Zertificon also offers solutions for the particular needs of corporate groups and hospital networks. Several clinics or locations can be served from one central installation. Contact us!
Do you have a bottleneck resource, or are you unable to operate the solution on your own?
We have expanded our partner network for the Z1 HealthSecure operation. Experienced partners accompany you during installation or completely take over the running of the system. Contact us, and we will put you in touch with our partner network!
Z1 HealthSecure at a glance
- Email encryption (S/MIME & OpenPGP, password-based)
- Setting and verification of electronic signatures
- Central email disclaimer management
- Optional: Secure sending and receiving of large files
- Easy administration via web interface
- Simple operation: virtual Z1 appliance (Linux Debian 10)
- Cloud-enabled, Microsoft 365 and Google Workspace integration
- IT security made in Germany
- GDPR compliant
- Manufacturer support also available 24/7
Hospital application example
Email exchange with patients, relatives, and public authorities
Communication scenarios in hospitals
For hospitals, secure information exchange involves multiple communication channels and recipients. Let’s take the typical example of sharing MRI scans and patient test results with different recipients. It will typically go like this: the hospital providing further treatment will receive these via a portal. Since the private specialist is not connected to the hospital’s portal solution, he gets a fax and a burned DVD by mail. Meanwhile, employees are well aware, thanks to training, that uploading to a private Dropbox account is not allowed. The data is then transmitted to another treatment center through a secure data portal where the MRI scans are uploaded, followed by an email. The patient is then offered by phone to pick up the paper and DVD records on-site. The documents are then also handed in person to the nursing service – a cooperation partner – on the adjacent premises. One might think that these steps are very inefficient and difficult to understand. However, it is everyday life in Germany. All parties involved could simply exchange emails. However, this is only permitted if the personal data is encrypted in the emails. And it gets all the more complex as the number of participants increases and depending on whether they use particular encryption technologies or none at all.
With Z1 HealthSecure, email communication in hospitals is secure. You can email all recipients, even simultaneously. The software uses centrally stored security rules to check whether encryption is required and automatically selects the appropriate technology for each recipient. Suppose an email is to be sent concurrently to a hospital, a specialist, and the patient. In that case, Z1 HealthSecure will probably use S/MIME encryption for the hospital and perhaps OpenPGP for the doctor, depending on availability. At the same time, the patient receives the same email with password encryption. The large file of X-ray images or MRI scans is sent as an attachment to the email and reaches the recipient as a download link.
When all the communication partners use encryption to reply, the incoming email will contain the following note: “This email was encrypted.” Your administrator can track the security actions used for each email so that you can provide GDPR compliant information when asked. Z1 HealthSecure requires no extra effort to go from unprotected to protected email. This means that the hospital’s communication will run centrally, securely, efficiently, and traceably via the email infrastructure already in place.
Secure transmission of research data by email
Communication exchange between hospitals, laboratories, research participants, and external experts
In medical research, there is a high demand for communication with a wide variety of participants. Projects can involve universities, pharmaceutical companies, clinics, laboratories, service providers, to mention a few. In addition, each project may involve individual freelance specialists. All involved participants need the most up-to-date information at all times. However, the distribution of questionnaires, lab results, and interim results should not be dependent on postal delivery times, and there should certainly be no risk of postal items getting lost. Easy-to-use, real-time digital communication is a real competitive advantage in research. However, exchanging data without encryption, especially in the field of research, would certainly not be a cautious practice.
In this case, it is not so much personal data that needs to be protected because work is done primarily with anonymized data. Instead, it is the research results that need to be protected. The risk, for example, of landing on the radar of foreign intelligence services that, according to their own information, pass on foreign research findings to their own industry is very significant. This high risk currently applies to corona research in particular: laboratory results, test series, statistics, and release processes are handled under enormous time pressure. The worldwide interest in this data is tremendous. In medical research and especially in corona research, teams are already working with Z1 solutions to secure email exchange and transfer large files.
Customer reference – Research
Morphosys, an international biopharmaceutical company, tried many things until it finally found a sustainable user-friendly solution with Zertificon. You can find out how their secure communication project concluded to everyone’s satisfaction in our Success Story.