Keep your practice’s data secure

By Dava Stewart

You’ve seen the news stories—major retailers’ credit card systems getting hacked, famous email accounts getting hacked, personal photos being shared—data security breaches happen every day. You also know that HIPAA and HITECH require security measures regarding patient records. But is your practice really at risk? And are there specific ways to protect yourself and your patients?

You need to have at least basic protections in place to deal with three possible threats:

1. Internal misuse. Your staff may present a threat you aren’t even aware of. Taking laptops home to do work after hours has caused problems in the past. While you always hope your staff is entirely trustworthy, humans are faulty beings.

2. Loss or theft. If someone breaks into your office and steals your equipment, sure, insurance will cover the loss of the physical items, but what about the information? Basic things, like locks and security systems, are important.

3. Technological threats. Hackers are out there, and business accounts can be prime targets. Using certified software can help, but things that may seem minor are important too. For example, passwords require attention. Following recommended best practices regarding passwords is a huge step toward protecting your online information.

Careful HIPAA training for yourself and your staff is another good step. Annual, or even quarterly, reviews will help keep everyone updated and in compliance with the regulation surrounding patient data. The strategies and concepts that are used to protect patient information can often be broadly applied.

Investing in security is also recommended, even if that just means purchasing some inexpensive cameras or hiring a monitoring company. Basic common sense plays a big role in protecting your physical possessions.

If you use a certified electronic health records (EHR) system, the vendor may be able to help with the security surrounding your billing system and financial accounts. There are companies that perform risk assessments, as well. Consulting with a professional may be well worth the cost and time if the result gives you peace of mind.