Posted by: Heather Shy on May 15, 2020 at 8:00 am
8 Easy Ways Medical Office Managers Can Secure Patient Protected Health Information
As an experienced medical office manager, you no doubt know how to keep physical patient health information secure. You probably already have policies about locking doors and file cabinets, and keeping printed documents out of sight. With HIPAA regulations, however, many office managers may suddenly find themselves dealing with electronic records held in the cloud, and other cybersecurity concerns.
While this may seem like an unnecessary hassle, securing electronic PHI is part of patient care! After all, keeping this data safe helps patients avoid identity theft, credit issues, insurance problems, and other life complications.
What do medical office managers need to know about securing electronic PHI? Here are 8 easy ways medical office managers can secure patient protected health information:
- First of all, never ever assume that your practice is too small to be targeted. Since PHI has a high “street value,” hackers take any and every opportunity they can find to get their hands on it. These criminals also specifically target smaller practices because they expect that electronic data security will be lax. Accepting this reality is the first step to secure patient protected health information.
- Close files and log off after accessing records. Don’t leave program windows or web sites open. There are programs that automatically scan the internet, looking for openings they can use to break into medical practice computer networks. Closing computer program windows when not in use helps prevent security breaches.
- Have a robust password policy. Ideally, each staff member and doctor needs their own password for each program used. This is not always possible, but the more unique you can make each password, the harder it is for hackers to break in. Use high-security password rules requiring a combination of letters, numbers, and special symbols.
- Use only secure wi-fi. Obviously, this means avoiding accessing patient information at the local coffee shop. However, it also means not sharing the staff wi-fi password with patients. Staff and patients or guests should not be on the same wi-fi network! Office wi-fi should be configured so that office staff has secure access and guests have a separate “channel.” The patient channel can also be secured with a password; however, doctors and other staff should never use the patient channel to access medical records, insurance information, or other PHI.
- Keep track of laptops, hard drives, flash drives and other necessary portable media. When replacing old computer hardware, make sure to clear it of any patient PHI and dispose of it properly.
- Be aware of “phishing” and other scam emails. You don’t need to know every single format for these, but a basic awareness of some ways to identify scam emails will help your staff avoid being taken in.
- Document everything.
- Keep up with HIPAA-mandated security assessments. This takes time, but it provides an important checklist to secure patient protected health information.
Ignoring the security of your patient data puts your entire practice at risk. HIPAA enforces hefty fines, and even criminal prosecution, on doctors who neglect to secure patient protected health information. Your business could lose money, patient trust, and community reputation if securing patient PHI is ignored.
You don’t have to go it alone. Teaming up with a managed service provider experienced in healthcare IT to secure patient protected health information is a good way to make sure your practice is in compliance. If you need help, contact us at the form on the right.