Data security is a concern, particularly for those in the healthcare industry.
As a DC, you are held to the regulations of the Health Insurance Portability and Accountability Act (HIPAA), and also the Health Information Technology for Economic and Clinical Health (HITECH) Act.
Both pieces of legislation contain specific rules designed to make sure patients’ private information is protected. Although security is a very real concern, it is not an insurmountable obstacle to adopting new technology.
EHR software and anti-virus protection
One good way to protect your practice, as well as your patients’ information, is to make sure that any EHR software you purchase has been certified by the Office of the National Coordinator (ONC).
ONC-certified EHR systems already have some anti-virus protections. That said, it is important to run anti-virus software on your personal computers. If you don’t have an ONC-certified system in place, make sure you have anti-virus software installed and that it is run regularly.
Ways to keep data safe
In a 2013 TED Talk, James Lyne, the global head of security research at the security company Sophos, discussed the tactics of modern-day hackers. Today, hackers run organized and sophisticated operations, offering their services to individuals and companies.1
In addition to the software considerations above, there are simple, everyday steps you can take that will add a layer of protection to both your personal and professional information. Follow these tips to avoid putting your own or your patients’ information in the hands of hackers:
- Update your system. Hackers often use weaknesses in older systems that are fixed in newer versions. Older versions of Adobe, Java, and even Internet Explorer have well-documented weaknesses that are easily exploited by hackers.1 Since many chiropractic practices are small, and can lack the manpower necessary to stay on top of software updates, outdated software could represent a vulnerability. If you do not have the time to update your software regularly, set up automatic updates.2
- Scan USB devices before use. USB devices are a common access point for malware. When connecting a new USB device, always scan it with anti-virus software before opening it. Having a policy for staff to follow will help everyone develop this data safety habit.1, 3
- Use a good password. There are countless articles, videos, and even services that can help you develop solid passwords, yet an unbelievable number of people still use “password” or “1234”. Spend some time learning about how to create stronger passwords, or use a service that will help.2, 3
- Secure your website. Malicious code can be delivered to computer systems in a dizzying array of methods, and your information may be embarrassingly available. In his TED Talk, Lyne points out that websites with comment sections built without proper security can allow comments to contain code that compromises visitors’ computers. Using a quality service to build your website will ensure a safer experience for guests.1
- Don’t open suspicious emails. Almost everyone recognizes obvious scam emails, like those from a “Nigerian prince” offering $50,000 if you’ll just provide your bank account number. However, Lyne points out, “scams today aren’t all identifiable by poor grammar and spelling mistakes.”1 Be suspicious about anything that asks you to act right away.2
Security for all
Making sure that all devices are secure is a critical part of following the regulations of HIPAA and HITECH, and of keeping your business and your patients’ information secure. No security plan is without its weaknesses, but not implementing one at all puts you and your patients at an exponentially higher risk. Practice basic safety, and learn new ways to keep data safe as technology changes in the future.
1 TED.com. “Everyday cybercrime—and what you can do about it.” James Lyne. http://www.ted.com/talks/james_lyne_everyday_cybercrime_and_what_you_can_do_about_it. Published February 2013. Accessed August 2015.
2 StaySafeOnline.org. “Tips & Advice: Practice good online safety habits with these tips and advice.” https://www.staysafeonline.org/stop-think-connect/tips-and-advice. Published October 2010. Accessed August 2015.
3 StaySafeOnline.org. “Protect your customers.” https://www.staysafeonline.org/business-safe-online/protect-your-customers. Published July 2012. Accessed August 2015.