Medical Offices Should Safeguard Data

Last month the FBI issued a warning to the healthcare industry that they are being targeted by hackers intent on procuring Protected Healthcare Information (PHI) and Personally Identifiable Information (PII).  The warning came after a high profile data breach at Community Health Systems, Inc. that put millions of patient records at risk.

FBI has long been concerned that data security in the healthcare industry is not as stringent as other industries that have been more prominent hacker targets.  Across industries, large and smaller players have both been victims of data breach.  Small medical practices need to take the same precautionary steps as giant healthcare providers to safeguard their patient’s PHI and PII.  Krause CPA and Business Advisors works with medical practices throughout Colorado to help them secure their customer data and their financial future.

Follow these data security best practices to protect your patients and your practice:

1. Use strong passwords and change them regularly Because more complicated passwords are harder to remember, many employees create simple passwords and re-use them across many applications putting themselves at higher risk.  Strong passwords should be at least eight characters and should include a combination of upper and lower case letters, symbols and numbers.  Even strong passwords need to be replaced on a regular basis.

2. Protect your systems with anti-virus software and firewalls Hackers often reach smaller businesses and individuals via viruses that infiltrate their computers and make files vulnerable.  HIPAA compliance is essential and requirements are continually being updated.  All practice devices need to be loaded with anti-virus software that is updated on a regular basis.  Employees should be trained to identify and avoid common sources of viruses such as email attachments and software downloads from not reputable companies.  Anti-virus isn’t sufficient to protect EHR systems, these need to live behind a firewall configured by an IT security expert.

3. Screen employees thoroughly before hiring For small businesses, many security breaches come from within — employees who steal financial or personal information in order to make a profit.  Because of the sensitive nature of medical information, healthcare practices need to be extra thorough in completing background checks for all employees and limiting access within the practice.

4. Control digital and physical access to confidential information Passwords play a big role in controlling access to confidential information, but limiting access based on job function is also important.  Only individuals who need access to information should be able to view patient records.  Physical space need to be adequately secured as to mobile devices which may provide access to confidential information.

5. Create a security culture The best thing you can do within your practice is to create and continually reinforce a security culture.  User error is the most common factor in security breaches so the more your team understands the role they play in safeguarding patient information, the more likely they will be to take the required precautions.

How to Use this Information Whether you work in a giant healthcare system or a single office practice, you owe it to your patients to secure their personal information.   Heed the FBI warning and learn about the steps you need to take to practice best-in-class Healthcare IT security.  Krause CPAs and Business Advisor is a leading Denver CPA firm supporting medical practices.  We can help you audit your security practices and your business practices.  Call us today at 303-691-5090 or contact us online.