The National Institutes of Health. The Gap. Pennsylvania Department of State. Blue Cross/Blue Shield. Harvard University. Kraft Foods. Tenet Healthcare Corporation. What do these seemingly disparate organizations have in common? They’ve all experienced either outright theft or inadvertent loss of sensitive consumer or patient data — just between February and March of this year.
The missing data ranged from dates of birth, Social Security numbers, credit card numbers, medical conditions, to even political affiliations. How did this happen? Stolen laptops, hard drives, and flash memory sticks top the list. Other organizations mistakenly sent e-mails containing private information to unintended recipients, had consumer data retrieved from discarded PCs, or experienced Web programming errors.
According to U.S. Department of Justice statistics, identity theft is currently surpassing drug trafficking as America’s No. 1 crime.
And while the sheer size of these organizations might make them tempting targets for crooks, don’t assume that your practice is safe just because it’s smaller than the NIH. Anyone can be a victim. But there are ways to protect yourself — and your patients.
In 2006, the nonprofit Privacy Rights Clearinghouse’s analysis of data breaches found that of those reported by medical organizations, 40 percent were attributable to laptop thefts, 20 percent to “insider malfeasance,” 20 percent to “human/software incompetence,” 17 percent to non-laptop computer theft, and 3 percent to outside hackers. A study by the University of Massachusetts Dartmouth conducted in 2004 estimated that in the U.S. alone, a laptop is stolen every 53 seconds. Gartner, Inc., a worldwide IT research and advisory company, says its research reveals that 80 percent of computer crime consists of “inside jobs” by “disgruntled employees.”
In February, a laptop containing the names, Social Security numbers, and personal health information of 4,800 patients was stolen from the relatively small University Health Care in Salt Lake City. Reports of stolen or lost patient data abound among practices large and small.
Do you or your staff take home laptops to catch up on patient paperwork outside of clinic hours? Do you ensure that your staff members are able to gain access only to the patient information they need to do their jobs? Do you know where your patient information resides within your network, PCs, portable devices, and backup storage? And how secure is your practice’s office building when you’re not in it?
Very few practices can confidently answer all of these questions. And the consequences of such ignorance can be devastating.
Take the case of Compass Health, a small mental-healthcare provider in Washington, which in June 2006 reported a laptop theft to authorities. The computer contained patients’ Social Security numbers and clinical and demographic data. The practice sent letters to all potentially affected patients with information about the steps they should take as a result of the theft. And it distributed a statewide media advisory in an effort to notify other individuals for whom it did not have current contact information. And then, of course, came the calls from local and national media outlets.
All this over a single stolen laptop.
“The nature of the beast here is that the devices go missing,” says Stephen Sprague, CEO of Wave Systems, a provider of client and server software for hardware-based digital security. “So assume all your patients’ records are on that device. Do you really want to have a press conference?”
Even if, like Compass Health, you take all appropriate steps to protect your patients in the wake of a computer theft, bad press can severely damage your credibility with current and future patients.
Is paperless dangerous?
So should you just toss out your electronic equipment and go back to paper files?
You probably know the answer to that. Whether you own an EMR or not, your practice cannot operate without computers running the software that is vital to its everyday operations. So tossing your PCs out the window isn’t an option. Besides, paper is at least as vulnerable to theft as electronic equipment, if not more so.