Effectively protect your patients’ confidential information and learn how to prevent data breaches
We don’t mean to scare you, but…
According to the Office of Civil Rights (OCR), there were 253 healthcare breaches that affected over 500 individuals or organizations in 2015, resulting in a combined loss of over 112 million records. The top 10 data breaches accounted for over 111 million records that were lost, stolen, or inappropriately disclosed. 90% of these top ten breaches were found to be a “Hacking/IT Incident.”
The numbers are staggering, and they show no sign of slowing down.
Healthcare breaches pose serious issues for both patients and providers. But before we learn how to prevent data breaches, we need to better understand what kind of issues these are.
For patients, these breaches mean that private and personal information, such as social security number, home address, medical history, etc., could fall into the wrong hands. It could result in identity theft, leading to financial damages that could take years to repair.
For providers, these incidents damage the trust and relationships they’ve built with their patients over the years. Breaches can also have legal implications, and it’s not uncommon for healthcare companies to pay out large sums of money to affected patients in an effort to mitigate the impact. Knowing how to prevent data breaches can therefore save a great deal of time, money, and headaches.
To protect your patients’ privacy and your office’s reputation, as well as its legal and financial interests, here’s how to ensure that your patients’ information is safe:
Protect Your IT System from Hackers
Your patients’ information is stored in your office’s computer system, so be sure to take the necessary security measures to protect your IT network from hackers:
- Many hackers exploit “holes” in outdated software to get into a seemingly secure system. Make sure everything connected to your network is up-to-date — including personal devices that you and your staff use to log into the network.
- This may be the most obvious step in preventing data breaches, yet it’s perplexingly uncommon: use strong passwords that can’t be easily guessed or bypassed. You can use password managers like 1Password or LastPass to automate the generation and storage of complex passwords.
- Use two-factor authentication for logging into the system — even if a hacker manages to get hold of a password, it’s highly unlikely that they have also stolen your smartphone or hardware token.
- Don’t click on links or download files in suspicious emails — hackers could get into the email accounts of people you know and send out emails from those accounts. Want to know how to prevent data breaches? Be cautious. When in doubt, confirm with the sender before opening any attachment or clicking any link.
- When you retire any old hardware (e.g. hard drives, tablets), make sure all information has been wiped completely and permanently.
It’s also important to educate your staff on IT security so they won’t unknowingly give hackers an opportunity to breach your system.
Work With Trusted Vendors
There’s a lot of work involved in running a medical practice — so it’s likely that you have a few third-party vendors working for you to assist with various operational tasks, e.g. medical billing. These vendors play a large part in whether you succeed in preventing data breaches.
When you outsource any task, you’re putting your patients’ information, and their trust in you, into the hands of a third-party vendor. It’s critical that any vendor with access to your patients’ private and sensitive information has the correct security measures in place to protect the patients’ privacy.
Here’s what you need to know when selecting a third-party vendor who’d have access to your patients’ information:
HIPAA vs. HITRUST CSF
Most healthcare practitioners are aware of the Health Insurance Portability and Accountability Act, or HIPAA, and its security rule designed to protect electronic Protected Health Information (ePHI).
The HIPAA Security Rule covers three categories of safeguards — physical, technical, and administrative. Any entity that works with confidential electronic data in or related to the healthcare industry must comply with these guidelines.
So what does this mean for preventing data breaches? It means that, at the very least, the vendors you work with must be HIPAA compliant if they handle any of your patients’ confidential information.
HIPAA was enacted by the U.S. Congress over 20 years ago in 1996 — which makes it a granddad by today’s fast-evolving digital standards. It also has the drawback of being a non-standardized and non-prescriptive compliance framework that doesn’t include an assessment and certification process.
If you want a more rigorous security framework to protect your patients’ information and want to know exactly how to prevent data breaches, then consider vendors that are HITRUST CSF certified.
The HITRUST CSF, maintained by the Health Information Trust Alliance (HITRUST), is built upon HIPAA. It was designed by a collaborative body of leaders in healthcare, technology, business, and information security.
HITRUST also brings together the various security requirements set up by federal agencies and “harmonizes” them into one comprehensive set of security guidelines employed by the entire body.
While HIPAA penalizes breaches after the fact, HITRUST CSF ensures vendors have the security measures in place to prevent breaches by enforcing a rigorous assessment and certification process. In the never-ending quest to learn how to prevent data breaches, HITRUST could be the answer you’ve been looking for.
Data and Security
All data transferred between your office and your vendor, or stored in your vendor’s system, needs to be encrypted using the latest industry-standard encryption algorithms. All equipment that handles patient data – including hard drives and mobile devices – must have encryption enabled.
If you switch vendors, make sure all the patient records stored with your previous vendor are destroyed completely and permanently!
Cloud computing is becoming increasingly popular. It offers many advantages, including convenience and cost-effectiveness. However, if you want to know how to prevent data breaches, be aware that it also exposes organizations to higher security risks, especially if the cloud environment is shared with many other users.
If any of your patients’ information is transferred via or stored in a cloud-based system, make sure to inquire about the security measures put in place to protect it from hackers.
Evaluation and Auditing
Hackers are constantly probing systems and software for vulnerabilities to exploit, so you need to make sure your vendors are staying on top of all security measures. You will also want to incorporate periodic evaluation and auditing of your vendors into your standard operating procedures to ensure that they remain compliant with all industry regulations.
Selecting vendors that are HITRUST CSF certified will bring you peace of mind — they’re regularly assessed against a strict, comprehensive standard to maintain their certification, which helps assure the safety and security of your confidential information.
Dan Wand is a software & data expert who has over twenty years of IT systems experience. Mr. Wand enjoys fishing and being a father to his seven children.