Secure Your Patient Records–Or Risk Going Out of Business

In recent months we’ve seen a wave of the largest data breaches in the history of health care.

First came the security breach of over 80 million records of Anthem Healthcare. Weeks later came the security compromise of more than 11 million records of Premera, the largest Blue Cross provider in the Pacific Northwest. Third came the breach of 4.5 million records of the Community Health System.

This is, indeed, very bad news for the health care field, but what does it mean for your optometric practice?

It means plenty.

Securing your data is literally life or death for your practice. Large companies may be able to survive a massive data breach and the huge fines that can accompany them, but a data breach of your practice records could easily put you out of business.

The Office of Civil Rights, a division of Health & Human Services (HHS), enforces HIPAA regulations. In recent years, the HHS has fined thousands of medical practices for millions of dollars. In fact, the HHS secretary is required to publicly post all breaches affecting the medical records of 500 or more individuals. Take a look at what is a kind of electronic “Wall of Shame.” 

Shame aside, the security breaches listed on the site may be accompanied by fines of up to $1,000 per record violated. That adds up quickly.

Major companies, as well as health care systems, have been affected by data breaches, among them Target, Home Depot and J.P. Morgan. Chances are, between all of these breaches, some of your patients’ data was involved.

You may wonder: Why this attack on health care records?

Simple fact: Hackers target the health care industry because they perceive medical providers to be lax on security. And it’s not necessarily medical records that hackers seek. They want the “keys to the castle,” that is, name, Social Security number, e-mail address and password. From this, hackers can steal your identity.

Even worse, more security breaches are increasingly likely in the future.

The simple fact–and good news–is that laxness in security easily can be spotted and corrected.

The following are three steps to take now to protect your practice—and warrant the trust of your patients that their medical records and identity are secure.

Step 1: Conduct a HIPAA Risk Assessment

Find out:
•    Is patient information stored safely?
•    Are there scans or images on a tablet out in the dispensary?
•    Are computers where patient records reside secure?
•    Is basic social media usage putting your practice at risk?
•    If patient information were to go missing, do you know that you would need to report it to the Department of Health and Human Services?

Step 2: Implement any necessary HIPAA Requirements

Do you have:
•    Anti-virus and anti-malware protection
•    Proactive network monitoring (looking for, rather than waiting for, breaches)
•    Internet and app monitoring
•    Social network controls and Internet monitoring for employees
•    Documentation of data storage and procedures
•    Back up, back up, back up!

Step 3: Document your Implementation

For your records:
•    Document security steps implemented in an edited, final version of your annual HIPAA Risk Assessment


Wes Strickling is CEO of Codex Techworks, which provides HIPAA Risk Assessments, HIPAA Remediation Solutions and IT Support & Service specifically designed for the eyecare industry. To contact him: or call (614) 486-9900.

AAO is San Fran

The American Academy of Ophthalmology put together another impressive show in collaboration with the Pan-American Association of Ophthalmology in San Francisco in October. Taking up most of the convention and hotel space downtown, the show drew over 30,000 attendees.

Technology was again the topic du jour.  EHR and Diagnostic Equipment that integrates with EHR packages was at the top of that list.

The Technology Pavilion was the site of my joint talk with Ryan Burke, National Sales Manager Informatics at  Topcon Medical Systems.  We did several talks for different groups on the future of the Eye Care Practice.  We dealt extensively with the process and steps that lead up to the full implementation of an EHR system and then the steps following the implementation of EHR.

To become a truly Paperless Practice, implementation of EHR is only the beginning. Diagnostic equipment needs to be integrated with the EHR system so that clinical data is easily available in a digital format in the lane.

All ran smoothly in San Francisco.  Well, mostly.  Running those San Fran hills was brutal!

EastWest 2009

Another great EastWest was had this year in Cleveland.  Kudos to the Ohio Optometric Association for another great show.

Codex again sponsored the show’s Internet Café.  This year we also hosted a late night buffet Friday night at the Marriott after Fat Fish Blue for Bad Habits and co., clients and friends.

Many questions concerning the transition to EMR were discussed both on the exhibit floor and late into the night.  This seems to be on everyone’s mind, even those who have already made the switch.

Before Q’s: How will it affect my practice flow? Will we have to close the office for a few days? What happens if my computers act up?

After Q’s:  Things just aren’t working like promised.  The VSP integration isn’t working! It is just so SLOW!!!

We’ve got the answers.  We know EMR.  Get in touch with us and let us help make your transition smooth and painless.

P.S.  As for the picture, if you were there you know; if not it’s quite the non sequitur…

MaximEyes 2009 Users Conference

Last week, I had the pleasure of speaking on the Information Technology panel at the MaximEyes Users Conference in Portland, Oregon.

Eye care professionals from all over the country converged on First Insight’s headquarters to learn How to Optimize Office Efficiencies with Technology.

And while it appears in the above photo that I could be contemplating the weight of a moderate-sized Oregon beaver, here’s the truth:

I’m actually speaking on the use of cutting edge technology to help practices run more efficiently, reduce costs, and stay productive even when disaster strikes.

My Part-Time Job

As if running a busy business and raising two children as a single father isn’t fulfilling and all-consuming enough, I took on a big project last winter and spring: Co-Chairman of the Columbus Downtown Kiwanis Club annual benefit auction.

Whew.  Anyone who’s ever done something similar can attest – it’s a part-time job.  But what a fantastic part-time gig it was.

Months of committee meetings, canvassing for donations and coordinating all the arrangements with our very stunning venue, the Columbus Museum of Art, and we surpassed our fundraising goal – over $20,000 was raised for the Columbus Kiwanis Foundation, to benefit the children of Central Ohio.