Secure Your Patient Records–Or Risk Going Out of Business

In recent months we’ve seen a wave of the largest data breaches in the history of health care.

First came the security breach of over 80 million records of Anthem Healthcare. Weeks later came the security compromise of more than 11 million records of Premera, the largest Blue Cross provider in the Pacific Northwest. Third came the breach of 4.5 million records of the Community Health System.

This is, indeed, very bad news for the health care field, but what does it mean for your optometric practice?

It means plenty.

Securing your data is literally life or death for your practice. Large companies may be able to survive a massive data breach and the huge fines that can accompany them, but a data breach of your practice records could easily put you out of business.

The Office of Civil Rights, a division of Health & Human Services (HHS), enforces HIPAA regulations. In recent years, the HHS has fined thousands of medical practices for millions of dollars. In fact, the HHS secretary is required to publicly post all breaches affecting the medical records of 500 or more individuals. Take a look at what is a kind of electronic “Wall of Shame.” 

Shame aside, the security breaches listed on the site may be accompanied with fines of up to $1,000 per record violated. That adds up quickly.

Major companies, as well as health care systems, have been affected by data breaches, among them Target, Home Depot and J.P. Morgan. Chances are, between all of these breaches, some of your patients’ data was involved.

You may wonder: Why this attack on health care records?

Simple fact: Hackers target the health care industry because they perceive medical providers to be lax on security. And it’s not necessarily medical records that hackers seek. They want the “keys to the castle,” that is, name, Social Security number, e-mail address and password. From this, hackers can steal your identity.

Even worse, more security breaches are increasingly likely in the future.

The simple fact–and good news–is that laxness in security easily can be spotted and corrected.

The following are three steps to take now to protect your practice—and warrant the trust of your patients that their medical records and identity are secure.

Step 1: Conduct a HIPAA Risk Assessment

Find out:
•    Is patient information stored safely?
•    Are there scans or images on a tablet out in the dispensary?
•    Are computers where patient records reside secure?
•    Is basic social media usage putting your practice at risk?
•    If patient information were to go missing, did you know that you need to report that to the Department of Health and Human Services?

Step 2: Implement any necessary HIPAA Requirements

Do you have:
•    Anti-virus and anti-malware protection
•    Pro-active network monitoring (looking for, rather than waiting for, breaches)
•    Internet and app monitoring
•    Social network controls and Internet monitoring for employees
•    Documentation of data storage and procedures
•    Back up, back up, back up!

Step 3: Document your Implementation

For your records:
•    Document security steps implemented in an edited, final version of your annual HIPAA Risk Assessment

 

 

Wes Strickling is CEO of Codex Techworks, which provides HIPAA Risk Assessments, HIPAA Remediation Solutions and IT Support & Service specifically designed for the eyecare industry. To contact him: wes@codextechworks.com or call (614) 486-9900.