Cyber criminals and hackers are targeting the healthcare industry at staggering rates, and huge profits are being made on the black market from patients’ PHI (personal healthcare information). PHI is said to be ten times more valuable than credit card information because it contains highly sensitive data such as social security numbers, birth dates, addresses, credit card information, telephone numbers, Medicare numbers, and prescriptions. The threat of a healthcare breach not only puts an organization or medical practice at risk for a HIPAA violation or fine, it also threatens the core of the business because it damages patient trust.
Keeping patients’ PHI secure should be a top priority for all healthcare providers. The following steps help ensure your patients’ medical data is safe:
- Training - Training may be the best line of defense against data theft. Ensure all staff is familiar with privacy policies and security measures. Educate staff on medical identity theft and how to keep patient data secure.
- Protect mobile devices - Patient data is often stored on devices such as laptops, smartphones, and tablets. Use encryption and passwords to avoid a potential data breach. Also, ensure employees never leave their mobile devices unattended.
- Do not open emails from unknown senders - Data breach attempts often arrive through unsolicited emails, a technique called “phishing.” Instruct staff not to open any emails that are unfamiliar and never to open any attachments or links from an unknown sender.
- Make data protection a part of business associate agreements - Extend security policies to your business associates. Make sure any outside vendor that has access to your patient information also follows your security and privacy policies.
- Antivirus - Ensure all software and antivirus programs are regularly kept up to date.
- Secure your network server and wireless networks - Make sure network passwords are secure and changed frequently. Ensure routers and other components are kept up to date. Set up firewalls and antivirus for all devices that connect to the internet. Lock up any storage devices and secure your network server so that it is difficult to remove.
Common security mistakes include:
- Employees sharing workstations or user IDs
- Leaving screens or workstations unsecured
- Sending patient medical information via unsecured email
- Using unsecured laptops, tablets, and smartphones
- Texting patient medical information
- Discussing private patient medical information with family or friends
- Failing to obtain the proper release/consent form
The threat of a medical data breach is a reality that all healthcare organizations, providers, and practices must face. Now more than ever, proper training and security solutions are necessary to protect patients.