Health care data is highly sensitive and highly valuable — making it a perfect target for hackers. A recent cyber attack at Stamford Podiatry Group in Connecticut put protected health information of 40,491 patients at risk, in addition to their social security numbers, addresses and more. And while this system hack of a small healthcare organization is a reminder that attacks can happen to any healthcare provider or payer organization at any time, it’s also only one of the ways that PHI can be compromised.
Human error, improperly destroyed records and insufficient ePHI safeguards can all leave PHI compromised and vulnerable to unauthorized users, malicious and otherwise. To keep these threats at bay, implement these health data management strategy essentials into your overall data management plan to keep your patient’s protected health information safe.
Train your users
Human error is one of the biggest causes of data loss and exposed ePHI. You can put all of the right systems and safeguards in place, but unless your users know how to use them successfully, your health data management strategy will remain vulnerable and flawed.
To begin with, make sure all users who handle ePHI are up-to-date on the HIPAA regulations governing it to prevent any unknowing slips. They should be aware of who has access to ePHI and who does not, how it should be safely and securely stored, how to avoid email viruses, how long patient medical records should be maintained, and how they should be destroyed when they are no longer needed.
For an overview of the information your staff needs to keep your data safe and keep your practice HIPAA compliant, read and share The Employee Handbook for HIPAA Compliance On-the-Job.
Secure your network
You can make your business less of a target to hackers by making it harder for them to hack into your network and access your files. To secure your network and portable devices:
- Hide the SSD (service set identifier) of your wireless network, or rename it to something nondescript, like “wireless,” rather than the name of your practice. This will make it harder for hackers to pick your wireless network out from other nearby networks.
- Use antivirus and antispyware protection, and make sure that all subscriptions are current.
- Disable file/print sharing outside of your file server to prevent unauthorized users from accessing your entire file system.
- Encrypt portable devices, like laptops, and ensure that all flash drives are password protected
- Be on the lookout for signs of viruses, such as a cloud backup email report that shows a higher-than-usual number of recently modified files.
Practice Proper Data Backup and Retrieval
Because ePHI is stored electronically, it’s vulnerable to a myriad of threats. Hardware failures, viruses, accidental deletion, and theft of hard drives or computers can all put you at risk of data loss. While there are several steps you can take to mitigate these problems, it is impossible to guarantee the safety of your data without using cloud backup.
Not only is practicing proper data backup and retrieval a good idea when dealing with electronically protected health information (ePHI) — it is also legally mandated. Medical practices are required to have access to ePHI at all times or they may find themselves out of compliance with HIPAA. This can become problematic when patient records have been lost due to natural disaster, human error, physical device damage or some other form of data loss.
In addition to implementing a cloud storage solution in your practice, your staff must be educated in its use as well. All employees who have access to ePHI should be aware of HIPAA policies regarding the storage and access of confidential information.
To take some of the burden off of your staff, be sure to invest in a HIPAA compliant backup solution that backs up your data continuously and automatically, without user feedback or scheduling. Too often, employees forget to schedule a backup and lose important data as a result. A continuous, automatic cloud backup service can prevent that and keep your ePHI safe from loss and deletion.
Additionally, cloud backup can also be used to recover virus encrypted files due to a cryptoware attack — provided your cloud backup provider offers unlimited version history retrieval, like Nordic Backup does. Any less than unlimited and you may realize too late that your ePHI has been encrypted and its retrieval is at the sole discretion of the hackers requesting ransom payment.
Make cloud backup easier on your medical practice. Invest in a continuous, automatic cloud backup service now so your patient’s EHR will always be retrievable.
