Are you doing enough to protect your healthcare practice against data breaches? Some people assume that hackers only target banks and financial institutions. After all, these organizations are usually the ones with the most valuable, sensitive information. Unfortunately, though, many hackers have begun to place their crosshairs on healthcare practices and insurance companies in recent years, such as the case involving Premera, Inc. So, what steps can you take to protect your healthcare practice against data breaches?
Properly Dispose of Documents
Whether they are paper or digital, documents containing sensitive patient information should be disposed of in a manner that prevents their restoration. It's not uncommon for some practices to simply toss patient files in the trash, at which point they end up in the dumpster, where anyone can go “dumpster diving” for them. Paper files should be shredded and/or incinerated, whereas digital files should be completely wiped from the respective drive or storage device.
Unique User Identification System
Healthcare practices should implement a system in which each authorized user on the network is given a unique identification number. This number should be used anytime the user logs into the network to access or update Electronic Protected Health Information (EPHI). If there's ever a breach, the admin can check the server logs to see from which user the breach came.
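The log check described above, sketched as an added example that is not part of the original article: given the records known to be exposed and a time window, it lists which unique user IDs touched them. The key=value log format, the sample entries (constructed) and the function names are assumptions made for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timezone

# Constructed sample audit log; this line format is an assumption, not a standard.
SAMPLE_LOG = """\
2024-03-01T09:15:02Z user=1042 action=read record=PT-7781 host=ws-12
2024-03-01T09:17:40Z user=1042 action=update record=PT-7781 host=ws-12
2024-03-01T22:03:11Z user=2087 action=read record=PT-7781 host=ws-03
2024-03-01T22:03:15Z user=2087 action=read record=PT-1190 host=ws-03
2024-03-01T22:04:02Z user=frontdesk action=read record=PT-1190 host=ws-07
2024-03-02T08:00:00Z user=3310 action=read record=PT-5522 host=ws-12
corrupted line without fields
"""

LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\dT\d\d:\d\d:\d\dZ) user=(?P<user>\S+) "
    r"action=(?P<action>\w+) record=(?P<record>\S+) host=(?P<host>\S+)$"
)

def parse_events(text):
    """Yield one dict per line matching LINE_RE; other lines are skipped."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            ev = m.groupdict()
            ts = datetime.strptime(ev["ts"], "%Y-%m-%dT%H:%M:%SZ")
            ev["ts"] = ts.replace(tzinfo=timezone.utc)
            yield ev

def attribute_access(text, breached_records, start, end):
    """Map each numeric user ID to the breached records it touched in [start, end].

    Entries whose user field is not a unique number (for example a shared
    login such as "frontdesk") cannot be tied to one person, so they are
    returned separately for follow-up.
    """
    by_user, unattributable = defaultdict(set), []
    for ev in parse_events(text):
        if ev["record"] not in breached_records or not start <= ev["ts"] <= end:
            continue
        if ev["user"].isdigit():
            by_user[ev["user"]].add(ev["record"])
        else:
            unattributable.append((ev["user"], ev["record"], ev["host"]))
    return {u: sorted(r) for u, r in by_user.items()}, unattributable
```

The second return value is the reason every user needs a unique ID: any access logged under a shared login shows up there and cannot be traced to an individual.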
Choose Third-Party Organizations Wisely
If you are going to partner with a third-party organization, make sure they are trustworthy and have their own security measures to protect against data breaches. Allowing another company or entity to access your PHI could open the doors to a world of new problems if they lack proper security. Furthermore, the Health Insurance Portability and Accountability Act (HIPAA) of 1996 requires covered entities to create Business Associate Agreements (BAAs) for each and every third-party organization with whom they do business.
While there's no HIPAA Rule or requirement stating that healthcare practices must encrypt their data, doing so will almost certainly prove helpful in reducing the risk of a data breach. Even if a hacker were to access the data, he or she wouldn't be able to use it, assuming the data is properly encrypted. All data accessed, stored and used should be encrypted to reduce the risk of a data breach.