$218,000 Fine for HIPAA Violation Underscores Risks of Consumer-grade File Sharing Apps

Organizations in the healthcare industry should be wary about storing health information on freemium file sharing services due to HIPAA compliance issues.


20 July 2015

$218,000 Fine for HIPAA Violation Underscores Risks of Consumer-grade File Sharing Apps

Freemium and consumer-grade file sharing services are cost-efficient and convenient, sure, but organizations operating in the healthcare industry (in addition to other regulated industries) should be wary about storing sensitive health information here as it presents significant issues related to Health Insurance Portability and Accountability Act (HIPAA) compliance.

Recently it was announced that St. Elizabeth’s Medical Center, a Massachusetts-based hospital agreed to settle HIPAA violations after its employees used a freemium, Internet-based file sharing service to store sensitive health information of nearly 500 individuals, without first assessing the risks of using consumer-grade file sharing products. As a result, St Elizabeth’s Medical Center will pay a fine of around $218,000 and must comply with the terms of the U.S. Department of Health & Human Services’ Office for Civil Rights’ corrective action plan.

In research Intralinks conducted with Ponemon Institute, 49 percent of IT leaders surveyed admitted that their companies lacked visibility and control over employees’ use of file-sharing services like Dropbox. For regulated industries in particular, such as healthcare and financial services, the use of consumer, freemium file sync and share services presents significant security risks and vulnerabilities to the organization.

The corrective response of the U.S. Department of Health & Human Services’ Office for Civil Rights to the healthcare organization emphasizes the importance of data security and data privacy and the risk of using free file sharing solutions. Secure solutions should have end-to-end encryption at rest, in motion and in use, on any device, with information rights management access controls available at the document-level to control the flow of information wherever it goes and with whoever it is shared.

Without addressing the issues of information security, healthcare companies are putting their clients, partners and other providers at risk.



Daren Glenister

Daren Glenister

Daren Glenister is the Field CTO for Intralinks. In his role, he acts as a customer advocate, working with enterprise organizations to evangelize data collaboration solutions and translate customer business challenges into product requirements, helping to steer Intralinks’ product road map and the evolving secure collaboration market. Daren brings over 20 years of industry experience and leadership in security, compliance, secure collaboration and enterprise software having worked with many of the Fortune 1000 companies helping to turn business challenges into real world solutions.