Technology: Data Security for Non-Techies
You don’t have to hold a degree in computer engineering to keep your data safe. Here are some simple security gaps anyone can plug.
By Pamela Moore

Let the high-techies do their thing

You — and many physicians along with you — might focus on the safety of new-fangled, Web-based software and encrypted e-mail rather than actual physical protection, such as shredding sensitive papers or locking the chart room door. But be honest. Are you truly the best person for such high-tech concerns? Probably not. So let the experts handle it. You’ll find that an application service provider that lets you run, say, an EMR or practice management software over the Internet “can be more secure than the average paper-based office,” Duncan suggests.

Cothren agrees. Thankfully, this layman-level worry is slowly abating. “More and more people are becoming comfortable with the security level you can put on encrypted information you send over the Internet,” he says. “Most ASP vendors will have more secure systems than most physician offices.”

Just perform your due diligence and create a chain of trust or business associates agreement, Hertzberg suggests.

Running a more secure office takes awareness and endless scrutiny, and it’s not a once-and-done job. Take time to regularly look for holes.


Top Five Recommendations for Securing Patient Data

Take Windows seriously: No one seems to remember that in order to get to sensitive patient information, the system that will be hacked first (if necessary) is the Windows platform it runs on. Without the desire for security on the part of the practice owner, there will be no implementation of security.

“Password” is not an acceptable password: While an outpatient office can be small, it needs to deal with passwords like a major hospital would, requiring separate user accounts with complex passwords (using a combination of mixed-case letters, numbers and special characters) and requiring that passwords change periodically.

Protect against malicious software: Microsoft’s Windows Update can be set to look for patches daily, although Microsoft has a designated “Patch Tuesday” for critical patches and updates to ensure each Windows computer is up to date and able to fend off any known vulnerabilities. Additionally, anti-spyware and anti-virus solutions should be employed to fend off anything that patches don’t cover. While a hacker may not be looking to access your protected health information (PHI), they certainly will take advantage of the situation should they be able to gain administrative control over one of your Windows desktops. Social Security numbers are very appetizing these days.

Automatically lock your PC: When an employee of the office steps away from their PC, after a period of inactivity, Windows can kick in a screensaver that requires a password. This is critical; how many times a day does a physician or nurse step out of a room and leave a PC unattended? 

Where in the network is your PHI? Most practice owners think that their sensitive data only resides in the practice software application. But how about that letter to the insurance company that was written about Mr. Smith’s condition? Or the spreadsheet that contains patient addresses, Social Security numbers, and other information? These files are a necessary evil to keep an office running, but those documents also need to be secured. This means the location in which they are stored (whether local on a single PC or on a common server in the office) needs to be established, potentially sensitive documents need to be placed in that location, and that location needs to be secured to ensure only appropriate access.

Source: Nick Cavalancia, vice president of marketing, ScriptLogic Corporation, Boca Raton, Fla.
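
As an added illustration of the last recommendation (not part of the original article and not ScriptLogic code): a Python script that walks a shared folder and lists plain-text files containing Social Security number-like strings that sit outside the folder designated for sensitive documents. The folder names, file names and sample values are constructed assumptions.

```python
import re
import tempfile
from pathlib import Path

# SSN-like strings: 3-2-4 digits split by hyphens or spaces. Area numbers
# 000, 666 and 9xx, group 00 and serial 0000 are never issued, so skip them.
SSN_RE = re.compile(r"\b(?!000|666|9\d\d)\d{3}[- ](?!00)\d{2}[- ](?!0000)\d{4}\b")
# Plain-text formats only; Office documents need a text extractor first.
TEXT_SUFFIXES = {".txt", ".csv", ".rtf", ".htm", ".html", ".xml"}

def find_stray_phi(root, approved):
    """Return {relative_path: hit_count} for text files under `root`,
    outside the `approved` folder, that contain SSN-like strings."""
    root, approved = Path(root).resolve(), Path(approved).resolve()
    findings = {}
    for path in sorted(root.rglob("*")):
        if not path.is_file() or path.suffix.lower() not in TEXT_SUFFIXES:
            continue
        if approved in path.parents:      # already in the secured location
            continue
        try:
            text = path.read_text(encoding="utf-8", errors="ignore")
        except OSError:                   # unreadable file: skip, keep scanning
            continue
        hits = len(SSN_RE.findall(text))
        if hits:
            findings[path.relative_to(root).as_posix()] = hits
    return findings

def demo():
    """Build a constructed sample office share and scan it."""
    with tempfile.TemporaryDirectory() as tmp:
        share = Path(tmp)
        secure = share / "PHI_Secured"    # hypothetical approved folder
        (share / "Desktop").mkdir()
        secure.mkdir()
        (share / "Desktop" / "patients.csv").write_text(
            "name,ssn\nJ. Smith,123-45-6789\nA. Jones,234 56 7890\n")
        (share / "Desktop" / "lunch.txt").write_text(
            "Call 561-555-0100, order 000-12-3456\n")   # no valid SSN here
        (secure / "insurer_letter.txt").write_text(
            "Re: Mr. Smith, SSN 123-45-6789\n")         # stored where it belongs
        return find_stray_phi(share, secure)

if __name__ == "__main__":
    print(demo())
```

Files it reports are candidates to move into the secured location; a pattern match is a lead to review by hand, not proof that a file holds PHI.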



Pamela L. Moore, PhD, is senior editor, practice management, for Physicians Practice. She can be reached at pmoore@physicianspractice.com.

This article originally appeared in the November 2007 issue of Physicians Practice.



Copyright © 2009 CMPMedica LLC, a United Business Media company.

 
 

In Summary
It’s important to keep the patient data in your office safe and secure. Here are some basic steps to take:

  • Don’t focus on electronic security at the expense of more mundane issues, such as locking the record room door.

  • Create unique passwords for each staff member. Ideally, passwords should include numbers and letters and should be changed every 90 days, as well as whenever a staff person leaves. But don’t make memorization so hard that staff resort to posting passwords on their monitors.

  • HIPAA is the biggie for medical practices, but also pay attention to compliance rules meant to prevent identity theft. How are you protecting credit card and Social Security numbers?

  • Be ever-vigilant for problems, and take corrective actions immediately.

Read More About It
Additional articles, tools, and Web sites related to security and privacy include:

  • Not sure how long to keep certain records before destroying them? Get some free legal help by reading “Record Keeping 101.”

  • Shore up the trust between you and your application service provider by downloading a “Business Associate Agreement: HIPAA” from our Tools section.

  • The American Health Information Management Association offers a credential in healthcare privacy and security on their Web site.