10 Ways to Protect Your Practice Against Alarming Data Breaches
From security breaches at some of the largest insurance companies in the world to major hospitals being held hostage, cyber-attacks on medical records have increased dramatically.
Even HealthCare.gov, home of Obamacare, was hacked, though reportedly no personal information was stolen. According to the Department of Health and Human Services, hackers gained access to 100 million healthcare records in 2015, despite increased security measures as dictated by the Affordable Healthcare Act.
There are several things you can do in your healthcare practice to reduce the risk of data breaches. As they say, prevention is better than cure. In fact, you need to establish policies for data loss prevention and have a plan in place to respond to security incidents. This can insulate your practice from penalties (which can be as high as $1.5 million).
RISE IN HIPAA DATA THEFT
Clinics, hospitals and insurance companies can (and will) be held ransom by data thieves, since data theft is on the rise. Despite improved security following a cyber-attack, there’s no guarantee that hackers won’t leave (or find) a way in for future attacks. It’s what they do; they are ‘professional bad guys’.
Facilities that have been hacked need to notify patients, and engage in measures to protect their reputation with patients and the community. Some organizations have provided free credit monitoring to affected patients, but measures like these have the potential to bankrupt smaller practices.
Hackers Can’t Wait to Steal Patient Information
Digital records represent an opportunity for monetary gain for hackers, and identity theft, a multi-billion dollar industry, is the underlying cause of medical record hacks. The information contained within medical records is more than sufficient to open new accounts, obtain loans and credit cards, purchase high-end properties and products, commit tax fraud, get phony tax refunds, and collect payment through fake bills submitted to insurers.
CAUGHT BY SURPRISE
HIPAA Wasn’t Prepared for This
HIPAA regulations governing privacy and security weren’t designed to counteract the depredations of cyber-attacks. Smaller practices don’t have the financial resources for the most sophisticated security software or a team of IT professionals to identify hacks when they occur. While no system can be completely secure, there are steps practices can implement to help keep patient records safer.
- Encrypt stored data. Encrypted information can’t be read or understood by anyone who doesn’t have the “key”
- Utilize an EMR’s access control tools for passwords and PINs, and limit access to authorized personnel only
- Install sophisticated firewalls, intrusion detection software, and ensure licenses are current
- Initiate an audit trail to monitor who accessed information, when and any changes that were made
- Institute training programs for all staff on maintaining HIPAA regulations
- Never leave laptops or tablets open or unattended
- Don’t store data locally on laptops, tablets or thumb drives
- Delete information on PCs, tablets, laptops, copiers, fax machines and medical equipment before they’re discarded
- Ensure all Wi-Fi connections are secure
- Use date/time stamps to identify when records were accessed and by whom
HIPAA Data Leaks Have Long-Term Repercussions
Cyber-attacks on medical practices and facilities account for 33 percent of all medical record thefts, making security an even bigger concern than ever before. Unlike credit and debit cards that can be cancelled, hackers can utilize information from stolen medical records repeatedly.
In Touch EMR™ provides military-level encryption for medical professionals to maintain compliance and ensure patient records remain safe.