Monthly Archives: July 2014

iBridge Would Like to Announce the Opening of Its New Seattle Area Office!

Leading West Coast information management and data services firm iBridge LLC announced today the opening of its new Seattle office to better serve the growing number of legal, health, and software clients in and around the Puget Sound region.
 
Founded in 2004, iBridge is headquartered in Beaverton, OR., and has offices in the US, EMEA, and India. The company works with a range of corporations, organizations and law firms with a range of services and solutions, including eDiscovery, record management, back office on demand, and software development. Clients have included Safeco Insurance, Wilson Sonsini Goodrich & Rosati LLP and Yahoo! Inc. The new office emerges during an increased effort to expand iBridge’s services and operations throughout the Northwest.
 
“iBridge has been working with companies and firms throughout the Pacific Northwest region for 10 years, and this new office marks our increased efforts to serve our growing number of law firms, healthcare organizations and technology companies located in the Puget Sound region,” said Desh Urs, President & CEO of iBridge.
 
“Considering our existing business with Washington-based clients, in addition to the new business we hope to earn in the city and state, this is a timely and strategic move for us,” said Dean Van Dyke, Vice President of Business Process Optimization.
 
iBridge provides clients with access to over 550 highly-trained full-time employees, plus a significant infrastructure support organization. Trained in Six-Sigma quality processes and ISO 270001:2005, BS 7799 and SEI-CMM Level 5 certification, iBridge strives to deliver extraordinary results with every engagement. It has exceptional success in client retention and a reputation for superior customer service among companies of all sizes across the United States, Canada and Europe.

About iBridge

iBridge is a team of trusted, responsive information experts who capture, normalize, mine and report data to help organizations make smarter business decisions. By cutting through the data noise, iBridge provides critical information to its customers, allowing them to better understand their opportunities. iBridge’s value is in it’s ability to solve business problems in collaboration with it’s customers; to rapidly scale up or down; and to integrate it’s teams with client organizations. The company has offices in Oregon, Washington and India.
 
To learn more about iBridge and its services, call 888.490.3282. You can also visit ibridgellc.com or connect with them via Facebook, Twitter, LinkedIn, or Google Plus.
 

20 HIPAA Breach Response Tips From Experts

20 HIPAA Breach Response Tips From Experts

Medical identity theft is undeniably one of the biggest challenges facing the healthcare industry today. The guidelines laid out by HIPAA provide an excellent frame of reference to help better protect patient data. When you are faced with a breach, however, what’s the best response? Here’s a look at 20 tips from the experts.

Source: freedigitalphotos.net/Stuart Miles

1. Locate Breach

The very first thing to do if you suspect a breach is to find it. No other steps can be taken without knowing exactly what you’re up against.

2. Containment

After identifying the breach, the next step is containment. The goal here is the IT equivalent of stopping the bleeding, whether that means disabling compromised accounts or blocking access to infected machines.

3. Damage Control

Damage control begins as soon as the immediate threat is under control. Determine what was accessed, and investigate other potential vulnerabilities to gauge the extent of any collateral damage.

4. Restore Services

Your organization must continue functioning effectively, and this means getting critical systems up and running again as quickly as possible. Once you’re sure that you’ve accurately identified and contained the source of the breach, restore essential services.

5. Internal Notification

Next, develop an internal report that notifies everyone from the ground up about what just happened. This is important for managing the rumor mill, but also contributes to the U.S. Department of Health and Human Services documentation requirements.

6. Be Honest

Don’t bother trying to combine sugarcoating and information dissemination. Just be honest and explain the facts behind the breach.

7. Change Passwords

Change all passwords and authorizations right away. It’s hard to tell how much information a hacker had time to grab, so err on the side of caution.

8. Preserve Evidence

As you’re doing things like changing passwords and containing the breach, be sure to save evidence of both the breach itself and the corrective measures you’re taking for future reference.

9. Gather Documentation

The OCR will require extensive documentation, including but not limited to: a copy of your most recent risk assessment, records of corrective action taken to correct the breach, proof of plans to prevent future recurrence, and much more.

10. Report Immediately

Although you technically have 60 days to report the breach to HHS and the press, it’s better to go public sooner rather than later. This shows that you’re taking the issue seriously, which in turn bolsters confidence in your organization.

11. Inform HHS

Tell HHS about your breach. Remember, any incident that affects more than 500 patients should be reported directly to the Office of Civil Rights.

12. Contact Your Patients

All companies are required to inform potentially affected individuals that a breach has occurred. Again, this should be taken care of as quickly as is reasonable, for the same reasons mentioned above.

13. Tell the Media

As the saying goes, he who breaks the story controls the manner of its release. Acknowledging the breach openly with the media is much better PR than trying to cover anything up.

14. Remediate

Everyone makes mistakes, but those who make an effort to rectify those mistakes rebuild trust in their organization that much faster. Do the right thing by offering help where help is needed.

15. Offer Resources

As part of the remediation process, provide resources to patients who are concerned about their privacy. For example, you can create a dedicated 1-800 number help line for affected parties to easily get answers to the questions they have, or offer free credit monitoring for one month.

16. Discipline

If your data breach resulted from a clear internal violation of your existing policies, the responsible party has to suffer the appropriate consequences. Take the necessary steps to discipline where called for.

17. Review Policies

Any data breach is a good indicator that it’s time to review your processes and policies to prevent similar incidents in the future.

18. Uptrain

Further investigation of the breach could reveal that remedial training is required to ensure that all employees are in compliance with current data guidelines.

19. Promote Awareness

Most healthcare organizations have a great number of various policies and procedures that employees are expected to follow, and it’s possible that data security concerns could get lost in the shuffle. Encourage awareness of the importance of HIPAA compliance, and make it clear that ignorance is not an acceptable excuse for noncompliance.

20. Prevent

While all of these steps are important for handling a data breach with professionalism and grace, the truth is that prevention is still the best policy when it comes to keeping information secure. Going the extra mile now to limit the potential of dealing with fallout later on is well worth the extra effort.

Written by Dean Van Dyke

Dean Van Dyke is the Vice President of Business Process Optimization for iBridge. He brings more than 18 years of customer relations, business process outsourcing, lean six sigma, program/project management, records management, manufacturing, and vendor management experience to iBridge. Mr. Van Dyke was the former head of Microsoft’s corporate records and information management team, and served honorably for over fourteen years in the U.S. Navy and Army National Guard. He received his Bachelor of Science in Business Administration from the University of South Dakota and his Master’s in Business Administration from Colorado Technical University.

Why It’s Time for Law Firms to Get Real about Data Security

Why It’s Time for Law Firms to Get Real about Data Security

Source: freedigitalphotos.net/Renjith Krishnan

Source: freedigitalphotos.net/Renjith Krishnan

When it comes to data security, law firms are facing two distinct disadvantages. First, the legal industry seems to lag behind other fields somewhat when it comes to technology in general; not every member of the old guard sees the need to learn new tricks. And secondly, there’s no industry-wide standard when it comes to data security requirements for sensitive information. This combination all too often leaves law practices severely lacking when it comes to protecting data, leading experts to refer to law firms as the “soft underbelly” when it comes to cyber security. Is this a fair designation, or are law firms more self-aware than that?

Technological Savvy

Although of course new case law is created on a regular basis, the truth is that the vast majority of legal expertise lies in examining and reexamining the same information again and again. This can give the impression—sometimes even to those within the legal profession—that not much changes when it comes to litigation, and therefore not a whole lot need to join the 21st century with regards to technology by investing significantly in a firm’s technological infrastructure. As such, to run into severely outdated computer systems in a lawyer’s office isn’t all that unusual, particularly in smaller firms that lack the financial resources of larger, more established practices.

Yet, to assume that these “rules” apply to all law firms is equally shortsighted. In reality, the past year alone has shown a dramatic uptick in security efforts from individual firms, either in an effort to adopt ISO 27001 or even stricter security standards. Initiatives like LegalSEC® are helping to develop consistent guidelines within the legal community and create security programs that are both measurable and achievable, as well as promote greater awareness about cyber security.

The Future of Legal Technology

The issue of cyber security becomes paramount when the legal industry intersects with other professions in which data protection is a chief concern. For example, clients in the financial services industry are likely to conduct security audits to ensure outside counsel’s compliance with industry-specific guidelines. These audits can even include details such as security assessments of data centers and physical files.

In short, the legal industry now finds itself positioned in a place that requires them to maintain robust security programs, acknowledge and resolve any existing vulnerabilities and be prepared to address any risks that are uncovered during a security audit. The overwhelming response has been to rapidly restructure existing operating budgets accordingly.

While the sudden IT security ramp-up may seem like an overwhelming shift, this is really only one pixel in the big picture of other changes law firms are facing: new billing practices as clients push for a move from hourly to service-based fees, the non-traditional career path of working as an independently contracted lawyer, and a number of other post-recession adaptations that allow the industry as a whole to evolve and—eventually—thrive in its new incarnation. Rest assured, those in the legal field are not the only seasoned professionals who are facing these types of challenges. Armed with a renewed awareness of the severity that a lapse in data security can represent, the legal industry is ready to face the future and get serious about data security.

Written by Simeon D. Rapoport

Simeon D. Rapoport is the Vice President & General Counsel for iBridge. He’s been an attorney for more than 25 years, began his career working in the courts and private practice for more than 10 years, and has been in-house corporate counsel since 1998. Rapoport’s experience includes private practice with the large West Coast firm of Bullivant Houser and more than 10 years at Standard Insurance Company. Rapoport is a frequent author and speaker, and he enjoys being active in Bar and civic groups. His interests include family, fitness, outdoor activities, and travel.

Ramped-Up HIPAA Audits: What They Mean to You

Ramped-Up HIPAA Audits: What They Mean to You

Over the last 12 months, more than $10 million has been recovered by the U.S. Department of Health and Human Services (HHS) in connection with alleged HIPAA violations. Yet, the upcoming year is likely to bring on a few more game-changers: namely, a seriously ramped-up effort when it comes to audits. The HHS Office of Civil Rights (OCR) has decided it’s time to broadcast a definitive message throughout the industry by conducting new HIPAA audits among hundreds of organizations that have been identified as being at high risk. What will this mean for those in the healthcare industry? 

Source: freedigitalphotos.net/Stuart Miles

HIPAA Sticking Points

The statistics gathered by the OCR are sobering:

  • The number of individuals who were impacted by smaller breaches increased over the last two years, more than tripling between 2010 and 2011 and increasing again in 2012.
  • There has been an increase in breaches related to hacking, although theft and loss account for them majority of large breaches
  • Most large breach incidents were traced back to business associates, which has led to the OCR’s announcement that business associates will be included in future audits
  • The majority of small breaches occurred due to unauthorized access or disclosures such as incorrect billing, sending information to an outdated physical address or otherwise misdirected communications
  • More small breaches involved paper records rather than electronically stored health records

According to current guidelines, HIPAA applies to anyone defined as either a covered entity or a business associate of a covered entity. This classification can cause confusion out of the gate for many organizations that remain unsure whether they’re actually bound by HIPAA requirements. (Here’s a helpful hint: when in doubt, assume that you need to follow the guidelines. It’s much easier to take extra precautions than suffer the consequences of being found in violation.)

Another sticking point when it comes to HIPAA is the widespread use of mobile devices outside the office. Personal devices such as smartphones and tablets that are being used to access company data are often responsible for a large number of complaints and data breaches because they lack the proper security specifications and aren’t always held to the same standards as on-site equipment.

Protecting Yourself

When it comes to protecting your business against the ramifications of a data breach, the most important step you can take as a healthcare organization is to conduct an exhaustive risk assessment (as required by HIPAA) to examine existing policies and procedures in an effort to more accurately identify potential problems. From there, don’t hesitate to take steps to shore up weak spots and revise current practices as needed to safeguard sensitive information from a potential data breach… and limit the possibility of a future audit by the OCR.

Written by Simeon D. Rapoport

Simeon D. Rapoport is the Vice President & General Counsel for iBridge. He’s been an attorney for more than 25 years, began his career working in the courts and private practice for more than 10 years, and has been in-house corporate counsel since 1998. Rapoport’s experience includes private practice with the large West Coast firm of Bullivant Houser and more than 10 years at Standard Insurance Company. Rapoport is a frequent author and speaker, and he enjoys being active in Bar and civic groups. His interests include family, fitness, outdoor activities, and travel.

Is Your Healthcare Organization Spending Enough on IT?

Is Your Healthcare Organization Spending Enough on IT?

The IT budget is one of those areas that seemingly grows larger and larger every year. Sometimes it feels like costs are increasing every quarter. Yet, there’s no denying that IT is an integral part of managing any modern business, and that goes double for healthcare organizations. The question to ask these days isn’t whether you’re spending too much on IT, but if you’re spending enough.

Source: freedigitalphotos.net/Baitong333

The Pricing Evolution

The cost of IT has increased almost exponentially over the past several years. This is particularly true within the healthcare industry for a few different reasons:

  • IT functions have become more systemized and centralized, requiring an overhaul of previous workflows and systems.
  • Compliance with new regulations—from such projects as the conversion to ICD-10 or programs like the Affordable Care Act (ACA)—has changed the way patient information has to be processed and handled.
  • Concerns over medical identity theft and a greater emphasis on enforcing HIPAA compliance have motivated a number of practices to increase security measures—and therefore their IT expenditures.

The other game-changer is that more organizations now have a deeper understanding of what constitutes acceptable IT capabilities. What was an adequate level of IT support and equipment 10 or even five years ago is simply no longer sufficient now. Essentially, pricing has stayed right in line with functionality; as daily technological requirements continue to increase, the IT budget expands accordingly.

Tips for Spending Wisely

Although plenty of healthcare organizations are neck-deep in reevaluating their IT budgets and trying to keep up with industry standards, that shouldn’t equate to making reckless investments in software, hardware or staff uptraining. Instead, the better option is to take a systematic approach and spend wisely:

  • Perform a thorough audit of your existing IT assets, including not just equipment but also personnel and licenses.
  • Compare this baseline against healthcare industry regulations like HIPAA to see what areas may need shoring up.
  • Know which costs are discretionary and which are fixed, and then treat them as such.

Of course, these few tips are barely a scratch in the surface, but at the very least should offer a more substantial “big picture” image of your IT needs vs. your IT budget.

Getting What You Pay For

Finally, remember there is definitely an element of getting what you pay for when it comes to IT costs. Cutting corners and keeping expenditures to the bare minimum may seem like a sensible decision at first, but trying to play catch-up with upgrades later on can end up haunting your expense reports for years to come. Your IT budget is no longer an optional luxury. Instead, plan for a realistic future IT budget right now and you’ll save yourself a lot of expensive hassle down the line.

Written by Dean Van Dyke

Dean Van Dyke is the Vice President of Business Process Optimization for iBridge. He brings more than 18 years of customer relations, business process outsurcing, lean six sigma, program/project management, records management, manufacturing, and vendor management experience to iBridge. Mr. Van Dyke was the former head of Microsoft’s corporate records and information management team, and served honorably for over fourteen years in the U.S. Navy and Army National Guard. He received his Bachelor of Science in Business Administration from the University of South Dakota and his Master’s in Business Administration from Colorado Technical University.

Are You Beefing Up Your Data Security?

Are You Beefing Up Your Data Security?

While the general public may think of data breaches as occurring mainly in the retail industry, signs increasingly indicate that the healthcare sector could present a much higher risk for consumers, both in terms of frequency and the potential for more serious consequences. Large retailers whose security efforts have been found wanting (as in the case of Target’s heavily publicized recent data breach) have been duly fined and have now actively kicked their security efforts up a notch, along with many of their peers. Yet, healthcare organizations—despite their arguably greater vulnerabilities—still seem to be lagging behind when it comes to data protection.

Source: freedigitalphotos.net/Stuart Miles

Personal vs. Financial Data

Although having your credit card or bank account data stolen is certainly stressful, the loss or theft of personal information like medical records can be even more sensitive, for a number of reasons:

  • While consumers can contact their banks, credit card companies or the credit bureaus to report identity theft, no “official” recourse exists for a breach of medical records.
  • Information gleaned from medical records can be leveraged into accessing a multitude of other accounts, including banks and credit cards.
  • Correcting medical records after healthcare fraud has occurred is next to impossible, as healthcare organizations are (understandably) reluctant to change any records but those directly originating from their practice.
  • Healthcare fraud cost the United States an estimated $80 billion, according to the FBI.

This list is just the tip of the iceberg when it comes to looking at all the reasons a personal data breach so often presents a more serious threat to individuals than a retail-related breach that only accesses payment accounts.

What’s Your Security Grade?

A close examination of data on security breaches indicates that those in the healthcare industry continue risking network exposure and patient data by following high-risk practices. Security ratings are lower overall for healthcare organizations than for retailers, indicating a strong need for all healthcare-related businesses to beef up their efforts at patient protection across the board.

In 2013 alone, nearly 200 data breaches were reported to the U.S. Department of Health and Human Services, a number that reflects over 7 million at-risk patient records. This is an increase of 138 percent from the previous year.

The Payoff

Since most healthcare systems were originally designed for ease of use rather than high-level security, these facts are hardly surprising. Yet, since the United States spends approximately $2.7 trillion dollars on healthcare every year, it shouldn’t be hard for healthcare organizations to see that their records represent a potential goldmine for cybercriminals. That fact alone should be reason enough to start taking security much more seriously.

At this point in the game, it’s clear that protecting patient data and healthcare records desperately needs to take top priority, especially when additional factors such as the launch of HealthCare.gov and the recent increase in HSS crackdowns are taken into consideration. If you’re still not sure where you stand with your system’s security, take the time to conduct a risk assessment and find out if your organization might be vulnerable.

Written by Dean Van Dyke

Dean Van Dyke is the Vice President of Business Process Optimization for iBridge. He brings more than 18 years of customer relations, business process outsourcing, lean six sigma, program/project management, records management, manufacturing, and vendor management experience to iBridge. Mr. Van Dyke was the former head of Microsoft’s corporate records and information management team, and served honorably for over fourteen years in the U.S. Navy and Army National Guard. He received his Bachelor of Science in Business Administration from the University of South Dakota and his Master’s in Business Administration from Colorado Technical University.

10 Ways to Keep Your Data Safe On the Go

10 Ways to Keep Your Data Safe On the Go

One of the obvious benefits of mobile technology like smartphones and tablets is the awesome ability to access your data from just about anywhere. With their frequent and casual use in public places—not to mention their laptop-sized price tag—it’s more important than ever to protect your investment. How can you keep your equipment and your data safe while you’re out and about?

1. Don’t Flaunt

Image via freedigitalphotos.net/Stuart Miles

Image via freedigitalphotos.net/Stuart Miles

While you may not be using your latest gadget with the intention of showing it off, the more visible your smartphone or tablet is, the more likely you are to be targeted by someone without your best interests at heart. Keep your device safely tucked away in a pocket, purse or briefcase when not in use to stay on the safe side.

2. Don’t Leave Unattended

No matter how familiar a face you are at your local coffee shop, don’t leave your device unattended while you get up to grab another latte or run out to your car for your charger. Although it may seem like a bit of a hassle at the time to pack up all your gear for such a short period, it’s a whole lot easier than replacing a stolen device and all the data it held.

3. Become a Master of Disguise

The e-reader covers that are designed to look like leather-bound classic literature look like an ironic commentary at first glance, but they’re actually a pretty crafty theft deterrent to boot. What’s more likely to be stolen after all: a tattered copy of Pride and Prejudice, or the latest Kindle model to hit the market? Phones and tablets can be similarly protected by clever covers.

4. Password Protect

If, despite your best efforts, your device is stolen, the actual physical theft is far from your only concern. What about your personal information like email passwords and bank account information? Work-related data is just as much at risk and may be even more sensitive. Be sure to use a strong password or passcode for your initial login to help prevent unauthorized access.

5. Encrypt Like Crazy

Passwords aren’t the only way you can protect your data from outside parties. A number of devices come with encryption capability to ensure that all information on your smartphone or tablet is nothing but gibberish to anyone who isn’t authorized to access it.

6. Install Trackers

The Find My Phone app has helped recover more than one device after falling into the wrong hands, and that’s only one example of the many available tracker apps out there. If your device does go missing, make sure you have some means of remote access already installed to help you or law enforcement officials track it down again.

7. Add Apps

Besides using apps to simply track your device, others can remotely lock your mobile device to prevent use, or even wipe your phone or tablet completely in response to a trigger (like trying the wrong password too many times). There are even apps out there that can snap an inadvertent selfie of the thief in question.

8. Personalize It

Monograms aren’t just for the rich and famous. By adding a personal touch to the outside of your device, like a permanent engraving of your name and/or contact information, you’re making the ability to resell or pawn your device that much trickier—and therefore, ensuring that your tablet or smartphone presents a far a less enticing target to potential thieves.

9. Contact Your Carrier

In the event that your mobile device does go missing, the first phone call you make should be to your mobile carrier. They may have powerful network tools at their disposal, like GPS tracking, that can be invaluable in locating and returning your stolen property. A proactive call to your carrier also prevents unauthorized usage fees from landing on your bill.

10. Practice Common Sense

While all of these tips are helpful, they really boil down to just one piece of advice: practice common sense when it comes to your smartphone or tablet. Remember that regardless of how prevalent their daily use may be, your mobile device is an expensive investment that deserves to be thought of and treated as such.

Written by Dean Van Dyke

Dean Van Dyke is the Vice President of Business Process Optimization for iBridge. He brings more than 18 years of customer relations, business process outsourcing, lean six sigma, program/project management, records management, manufacturing, and vendor management experience to iBridge. Mr. Van Dyke was the former head of Microsoft’s corporate records and information management team, and served honorably for over fourteen years in the U.S. Navy and Army National Guard. He received his Bachelor of Science in Business Administration from the University of South Dakota and his Master’s in Business Administration from Colorado Technical University.

Not Preserving Text Messages Could Cost You Big Money!

Not Preserving Text Messages Could Cost You Big Money!

If you think text messaging is something you don’t need to worry about in litigation, think again. Several months ago, the defendants in In Re Pradaxa learned this lesson the hard way.

Image via freedigitalphotos/patrisyu

Image via freedigitalphotos/patrisyu

In this December 2013 case, a federal judge in the Southern District of Illinois ordered the defendants to pay almost $1 million in sanctions for eDiscovery failures, including the failure to preserve text messages. Specifically, the court found that the defendants knew their employees were communicating via text for business purposes, yet nevertheless did nothing about the auto-delete function for text messages when implementing a litigation hold. The court pointed out that the duty to preserve applies to text messages just as it does to email.

A link to the decision follows. http://www.crowell.com/files/20131209-re-pradaxa-litigation.pdf Praxada is something of an extreme case but it does illustrate the point that companies need to be concerned about business text preservation just as they need to be concerned about business email preservation.

Written by Dean Van Dyke

Dean Van Dyke is the Vice President of Business Process Optimization for iBridge. He brings more than 18 years of customer relations, business process outsourcing, lean six sigma, program/project management, records management, manufacturing, and vendor management experience to iBridge. Mr. Van Dyke was the former head of Microsoft’s corporate records and information management team, and served honorably for over fourteen years in the U.S. Navy and Army National Guard. He received his Bachelor of Science in Business Administration from the University of South Dakota and his Master’s in Business Administration from Colorado Technical University.

Emailing Sensitive Information Without Encrypting: Playing With Fire?

Emailing Sensitive Information Without Encrypting: Playing With Fire?

Attorneys use email to transmit valuable confidential client information hour after hour, day after day. Yet many lawyers do not encrypt email. Are they asking for trouble?

Consider the following:

Is native email reasonably secure?

Many would argue no. It is common knowledge that email is intercepted and accessed by third parties on a regular basis.

What about a lawyer’s ethical duty to take reasonable precautions to prevent a client’s confidential email from ending up in the hands of a third party?

It may be true that (currently at least) a lawyer does not have an absolute duty to encrypt email. However, it is also true that some circumstances do require encryption.

For example, California Formal Opinion No. 2010-179, pertaining to confidential communications, states that “encrypting email may be a reasonable step for an attorney to take in an effort to ensure the confidentiality of such communications remain so when circumstance calls for it, particularly if the information at issue is highly sensitive and the use of encryption is not onerous.”

So, when does sensitive information rise to the level of “highly” sensitive information? Good question. Do you want to guess where that line is and hope you guessed correctly?

And when does the use of encryption rise to the level of “onerous”? Another good question as modern encryption tools are inexpensive and easy-to-use – quite a difference from the old days.

Image via freedigitalphotos.net/Stuart Miles

Image via freedigitalphotos.net/Stuart Miles

What does the future hold?

Hacking into confidential information is a common everyday event, and will only continue to increase in frequency. This truth, coupled with the fact that today’s encryption tools are simple and inexpensive, means that the line will continue to shift such that more and more — if not all — email will be required to be encrypted.

Why not use encrypted email?

Perhaps the question ought to be turned on its head. Rather than: Why should I use encryption? You might ask yourself: Why wouldn’t I use encryption? Some tools even carry with them side benefits such as a guaranteed recall feature – valuable in the event of inadvertent disclosure through a mistakenly-sent email.

Lawyers routinely send confidential information via email. Given the risks associated with transmitting such confidential information without encrypting, and given how encryption tools have become inexpensive and easy-to-use, it may be difficult to justify not using encryption.