Small healthcare providers are generally required to wear multiple hats – health care provider, business owner, human resources manager, part-time information technology (IT) manager, and more.  With the introduction of HIPAA over the last several years, your IT role has expanded to include information security.  One of the most important yet confusing aspects of information security is identifying what information needs to be secure, and where that information is located.  If you are like most offices in the digital age, you use a variety of electronic programs and services to manage your patients and your practice.  Practice management software, email, and electronic claims processing are just some of the programs we all use to accomplish our tasks. Sometimes it is difficult to identify what information needs to be protected and where that information is located.

The first step is to understand the difference between data and programs.  The best example is a program almost everyone is familiar with – Microsoft Word.  Microsoft Word is a program; the documents it creates and edits are called data.  To expand that thought, your practice management system is a program, and the information it stores is data.

The next step is to determine where that data is stored.  Referring back to the Microsoft Word example, you can store Word documents on a server, on a local hard drive, on a thumb drive, or even on the internet in the “cloud”, using a service like Dropbox or SkyDrive.  Sometimes the programs you use determine where the data is stored; sometimes you or your IT manager select where the data is stored.  You may need the assistance of your IT vendor to help you determine where all your data is stored – this is where your patients’ protected health information (PHI) is located and needs to be secured. Work with your IT vendor and/or office manager to identify all areas where patient data may be located.  Here is a basic list of areas to consider:

  1. Practice Management Program data – usually located on a central server, but sometimes may be stored in the cloud.

  2. Photos, documents, spreadsheets, PDF files, PowerPoint slide shows – should be located on a central server, but often they are stored in local computer folders and/or on the desktop.

  3. Email – emails are usually stored in an email program like Outlook, but may also be stored in the cloud, or in both.

  4. DVDs, CDs, USB drives (removable media) – these data storage locations tend to be among the most overlooked areas that contain patient information.

  5. Mobile devices – mobile phones and portable computers/tablets often hold data.  These devices are highly susceptible to data theft; if you have to carry patient information on your mobile device, verify that the information is protected.
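
As an added example (not part of the original article), the Python script below shows one way an IT vendor could start the inventory for items 2 and 3: it walks a folder such as a user profile and counts the photos, documents, spreadsheets, PDFs, slide shows and email stores found in each subfolder. The extension lists, function names and sample file names are assumptions constructed for illustration.

```python
import os
import tempfile
from collections import Counter

# File types from items 2 and 3 of the list; the extension sets are an assumption.
CATEGORIES = {
    "photo": {".jpg", ".jpeg", ".png", ".tif", ".tiff", ".bmp"},
    "document": {".doc", ".docx", ".rtf", ".txt"},
    "spreadsheet": {".xls", ".xlsx", ".csv"},
    "pdf": {".pdf"},
    "slideshow": {".ppt", ".pptx"},
    "email_store": {".pst", ".ost", ".msg", ".eml"},
}
EXT_TO_CATEGORY = {ext: cat for cat, exts in CATEGORIES.items() for ext in exts}


def inventory(root):
    """Walk root and return {subfolder: Counter(category -> file count)}.

    Only folders holding at least one matching file are reported.
    Unreadable folders are skipped instead of aborting the scan.
    """
    report = {}
    for folder, _dirs, files in os.walk(root, onerror=lambda err: None):
        counts = Counter()
        for name in files:
            ext = os.path.splitext(name)[1].lower()  # match .JPG and .jpg alike
            if ext in EXT_TO_CATEGORY:
                counts[EXT_TO_CATEGORY[ext]] += 1
        if counts:
            report[os.path.relpath(folder, root)] = counts
    return report


def demo():
    """Build a constructed sample profile folder and inventory it."""
    with tempfile.TemporaryDirectory() as root:
        for rel in ("Desktop/xray_smith.JPG", "Desktop/recall_list.xlsx",
                    "Documents/referral.docx", "Documents/Outlook/archive.pst",
                    "Downloads/setup.exe"):
            path = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(path), exist_ok=True)
            open(path, "w").close()  # empty placeholder file
        return inventory(root)


if __name__ == "__main__":
    for folder, counts in sorted(demo().items()):
        print(folder, dict(counts))
```

A match only shows where such files live; someone still has to open them to confirm whether they contain patient information.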
