Driving patient email security with Smart Technology 

Driving patient email security with Smart Technology 

Royal Papworth Hospital NHS Foundation Trust is one of the UK’s leading heart and lung hospital, treating approximately 50,000 patients each year. As traditional paper and postage are increasingly phased out in favour of electronic patient engagement, the trust selected Zivver to reduce human error and protect sensitive data in outbound and incoming emails. We spoke to Cath Willcox, Head of Information Governance and Health Records at the Royal Papworth Hospital NHS Foundation Trust, to understand how Zivver is supporting them. 

Who has benefitted from the roll-out?  

We’re rolling Zivver out for every one of our 2,500 members of staff. While not every employee will use Zivver day to day, we’re implementing it for everyone. The business rule functionality is very helpful, and we’re investigating new opportunities to create more ways to empower all employees to avoid causing data leaks through simple mistakes. 

How has Zivver helped with email communication? 

Zivver integrates with Outlook and enables us to send large files straight from the email client. This comes in useful for many of our employees. For example, our Subject Access Request Team fulfils requests of all sizes; they can vary between 50 and thousands of documents. Historically, we have posted these, which are both time-consuming and very costly. We have also used a bespoke file transfer site, but this has proven less than user-friendly for recipients. Zivver saves time, ensures best practice on a data protection front and is easy for patients. 

 The ability to send large files securely by email helps deal with other stakeholders too. For example, on occasion, we have cause to engage with solicitors who may be handling cases on behalf of patients. Often, these firms have firewalls in place which prevent them from accepting files sent via third party sites – but they do accept secure emails and attachments sent via Zivver. 

How does Zivver enhance email security?  

One of the main things that attracted me to Zivver was the fact that it enables two-way secure email. This means that not only can our employees’ email securely, but non-Zivver users outside of the trust, including patients, can email our staff securely too. Zivver makes this really easy. Recipients don’t need to create Zivver accounts or log in to any portals. It’s as easy as replying to an email! Previously, this hasn’t been possible, but this functionality is beneficial for so many reasons. 

For example, our Private Patient Team will often send a patient a form to complete. Previously, while they were able to send the form securely to the patient, the patient was unable to return the form to us with the same levels of security applied. This meant that we were sending an email which contained little to no sensitive data securely, but the patient was returning it to us, complete with personally identifiable information, unencrypted. But with Zivver, patients can reply to our emails very easily and their data is protected.  

Our overseas administrator manages referrals of new patients. In the instance that we require confirmation that they can be treated at the trust, our administrator sends a request to the patient for proof of residency or identification, for example. Understandably, the patient may not want to supply us with original documents and not everyone has access to a scanner or printer.  

 However, most people have access to a mobile phone with a camera and are more willing to correspond with us via email than post. So, we will send the patient a secure email and ask them to reply to it with their documentation attached. Their data is secure, and the process is quick and easy for the patient. 

How does Zivver protect data in research and development? 

Our Research and Development team is currently facilitating a study which involves approximately eight other hospitals. The project requires our team to collect and collate data from these hospitals every few weeks before passing it on to the sponsor. 

Originally, the plan was to provide the hospitals with USB sticks. The hospital would transfer the required data onto the USB sticks before posting the stick to us. We would then download the data and return the USB stick to them in the post. The cost of couriers alone was impractical, not to mention the potential data loss in the instance that a stick was lost. 

In this instance, the amount of data provided is quite small, so they can simply input it into the body of the email. Of course, if the amount of data provided was bigger, they’d still be able to send us large files securely via Zivver, without having to create accounts. What was originally going to be a very time-consuming process is now straightforward and far more secure. 

Tell me more about the multi-factor authentication functionality.   

Another instance in which Zivver is proving very helpful is when dealing with insurance providers. We engage with a provider for the US Armed Forces. When we deliver healthcare to one of its customers, they contact us requesting data regarding their case. Zivver protects this data in transit and of course enables the provider to contact us securely, too.  

In a world where paper and postage are quickly being replaced by digital engagement, we must be able to facilitate this whilst ensuring accessibility for all patients. Zivver provides a truly simple user-friendly experience and that is very important for us.  

This is also an example of how the multi-factor authentication (MFA) functionality in Zivver is particularly helpful. We can apply MFA to authenticate the identity of patients and they can choose the method of authentication they would prefer to use. Patients will often opt for a code sent via SMS. However, for those who don’t have access to a mobile phone, they can choose to receive a password by email. Once we’ve engaged with an individual once, their authentication method is stored for next time; we don’t need to keep setting it for every email.