How to Avoid HIPAA-Related Data Breaches
Data breaches are as prevalent as ever, with news of large-scale breaches such as Facebook and insurance company Anthem — which recently paid out $16 million over a 2015 data breach — popping up on the news nearly every week. Medical practices, though not necessarily a large target like major corporations, are often easier targets, with plenty of rich personal and financial data available.
Here are five tips for avoiding HIPAA-related data breaches:
- Perform a risk analysis of your staff and your security procedures. At least once a year, conduct a risk analysis of your staff and your practice’s procedures. This can be quite technical, including testing firewalls and antivirus software. It also includes making sure passwords are updated and changed, all software patches and updates have been installed, and software and technology are kept current. Consider hiring an outside firm with expertise in HIPAA requirements to conduct this analysis. Your initial outlay will likely pay off in the long run by preventing future breaches.
- Designate a staffer to oversee security. Ensure that a staff person handles these updates and procedures. That person also needs to educate and monitor the staff on compliance with HIPAA and security procedures.
- Hire a consultant. A consultant can help review procedures and technology, which are constantly changing and requiring updates. Hackers become more sophisticated every year at retrieving private data.
- Customize computer toolbars with antiphishing applications. Some of these can be downloaded free from the Internet and are usually platform-dependent. In other words, they’re designed for a particular operating system or browser, such as Windows, Chrome, Safari or Firefox. Do research before you download anything from the Internet — even antivirus and antiphishing apps. Reviews will generally give you a good idea of which ones to stay away from.
- Be skeptical and suspicious. We tend to view hackers as the ones who use computers to break into your systems. But, in fact, a lot of social engineering can lead to the same result. This includes emails and phone calls from vendors and companies suggesting that your passwords or other vital information need to be updated and you should link through to a website to update it. This is a common way for hackers to gain access to your passwords and systems, so be wary of those links. Be cautious about providing any information over the phone and alert your staff to this as well. And don’t forget, one of the most common causes of data breaches is stolen laptops!
Don’t tempt them
Health care institutions are tempting targets. In 2017, Detroit’s Henry Ford Health System had 18,470 patient records stolen. In July 2018, a virus attacked Arkansas Oral Facial Surgery Center, keeping the practice from accessing images, files and notes related to 128,000 patients. For your practice’s safety and your patients’ protection, take precautions.