Cyber attacks in healthcare are on the rise, and it’s more important than ever to take the necessary precautions to boost cyber security and protect your hospital or practice.
Five Tips for Protecting Patient Data
- Internet access should be provided through a quality router/firewall.
- Ensure all computer operating systems are patched on a monthly basis. These patches fix bugs and close security gaps.
- Use an anti-virus program. Though the program is not an absolute solution to keeping others from accessing your information, it is an important element of any comprehensive security system.
- Any site, program, or computer that requires a password should be given a strong and unique password.
- Consider using contracted or onsite IT support to ensure that all elements of security are in place and functioning properly.
Five Security Components for Managing Your Risk
- Physical Safeguards – To protect your facilities, computer equipment, and portable devices, consider alarm systems, locked offices, and screen shields.
- Administrative Safeguards – Hire a security officer, provide workforce training and oversight, control access to information, and perform periodic security reassessments.
- Technical Safeguards – Control access to EHRs by requiring passwords and assigning different access levels. Use audit logs to monitor users and other EHR activity. Put measures in place that keep electronic patient data from being improperly changed, and perform data back-ups regularly. Secure the electronic exchange of patient information by performing virus checks and keeping data encrypted.
- Policies and Procedures – Having written policies and procedures will help assure HIPAA security compliance, proper documentation, and good security measures. Written protocols on authorized users and record retention are also a good measure.
- Organizational Requirements – Ensure the practice has breach notification and associated policies as well as business associate agreements.
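As an added illustration of the Technical Safeguards item (this is example code written for this page, not code from the original article or from any EHR product), the Python below models the three controls named there: access levels per role, an audit log entry for every access attempt whether it succeeds or not, and a tamper check that detects improper changes to stored records. The roles, user names, patient records and the integrity key are all constructed sample values.

```python
"""Example (added for this page, not from the original article): role-based
access levels, an audit log of every attempt, and a tamper check on stored
EHR records. All names, roles, records and the key are constructed."""
import hashlib
import hmac
import json
from datetime import datetime, timezone

# Constructed role -> permitted actions table.
ROLE_PERMISSIONS = {
    "physician": {"read", "write"},
    "nurse": {"read"},
    "billing": {"read_billing"},
}

# Constructed placeholder; a real deployment loads this from a secrets store.
INTEGRITY_KEY = b"placeholder-integrity-key"


def _canonical(record: dict) -> bytes:
    # Stable serialization so the same fields always produce the same tag.
    return json.dumps(record, sort_keys=True, separators=(",", ":")).encode()


def seal_record(record: dict) -> dict:
    """Attach an HMAC-SHA256 tag; any later field change breaks verify_record()."""
    tag = hmac.new(INTEGRITY_KEY, _canonical(record), hashlib.sha256).hexdigest()
    return {"record": record, "tag": tag}


def verify_record(sealed: dict) -> bool:
    expected = hmac.new(INTEGRITY_KEY, _canonical(sealed["record"]), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, sealed["tag"])


class EHRStore:
    """Records keyed by patient id. Every access attempt, allowed or not,
    is appended to audit_log so reviewers can see who did what and when."""

    def __init__(self):
        self.records = {}
        self.audit_log = []

    def _audit(self, user, role, action, patient_id, outcome):
        self.audit_log.append({
            "time": datetime.now(timezone.utc).isoformat(),
            "user": user, "role": role, "action": action,
            "patient_id": patient_id, "outcome": outcome,
        })

    def access(self, user, role, action, patient_id, new_data=None):
        """Role check first, then integrity check, then the action.
        Returns the record on read, True on write, None when refused."""
        if action not in ROLE_PERMISSIONS.get(role, set()):
            self._audit(user, role, action, patient_id, "denied")
            return None
        if action == "write":
            self.records[patient_id] = seal_record(new_data)
            self._audit(user, role, action, patient_id, "ok")
            return True
        sealed = self.records.get(patient_id)
        if sealed is None:
            self._audit(user, role, action, patient_id, "not_found")
            return None
        if not verify_record(sealed):
            # Data was changed without going through access(): refuse and record it.
            self._audit(user, role, action, patient_id, "integrity_failure")
            return None
        self._audit(user, role, action, patient_id, "ok")
        return sealed["record"]


def run_scenario():
    """Constructed walk-through; returns the outcome column of the audit log."""
    store = EHRStore()
    chart = {"name": "Sample Patient", "allergies": "penicillin"}
    store.access("dr_lee", "physician", "write", "p-001", chart)   # ok
    store.access("rn_kim", "nurse", "read", "p-001")               # ok
    store.access("acct_roy", "billing", "read", "p-001")           # denied
    store.access("rn_kim", "nurse", "read", "p-999")               # not_found
    # Simulate an improper change made outside the controlled path.
    store.records["p-001"]["record"]["allergies"] = "none"
    store.access("rn_kim", "nurse", "read", "p-001")               # integrity_failure
    return [entry["outcome"] for entry in store.audit_log]


if __name__ == "__main__":
    for outcome in run_scenario():
        print(outcome)
```

The HMAC tag only detects changes; it does not hide the record contents, so encryption at rest and in transit is still a separate control. The audit log records refused attempts as well as successful ones, which is what makes it useful for spotting misuse of an account that has valid credentials but the wrong access level.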
Cloud Storage vs. HIPAA Compliant Hosting
Cloud – When using cloud storage software for patient information, the data center is the only piece of equipment located off site, and the stored information can be accessed from anywhere. Data must be encrypted both in transit to the cloud and at rest in it; the cloud storage service chosen must keep the data in an encrypted state to be considered HIPAA compliant.
Compliant Hosting – This is a server-based solution, required when a medical practice chooses not to house the hardware or data locally. The web server, application server, and database server are all located in the data center of a HIPAA compliant hosting provider. The service includes the firewall, web or application server, and database server.
After choosing the right data storage method, utilize the aforementioned tips to help protect your medical practice from being exposed to a cyber attack. Though these tips and practices may help to minimize your risk, they do not entirely eliminate it. To protect your practice against the damages attributed to a cyber breach, consider talking to your medical malpractice carrier about cyber liability coverage.