3 Ways to Prevent Data Breaches in Your Practice
You run a successful, five-physician medical practice with a solid financial base and a relatively small number of mostly happy employees. Congratulations. You are one of computer hackers’ favorite targets.
As recently as 2013, smaller businesses and organizations represented 62 percent of all data breaches, according to that year’s Verizon Communications Annual Data Breach Investigations Report. In this year’s report, Verizon acknowledges the recent spate of large institutional data breaches, such as Target, Anthem, Inc., and the US government’s Office of Personnel Management, but cautions smaller businesses and organizations not to relax.
“No industry is immune to security failures. Don’t let a ‘that won’t happen to me because I’m too X’ attitude catch you napping,” the report states.
For starters, the 2015 report says that healthcare, financial services, and public agencies were more affected than any other sector by data breaches in three key areas: theft/loss; insider abuse; and error. On the bright side, the report offered information on how to combat data breaches in those areas:
- Theft/Loss. The key to preventing data in this area, the report says, is to make sure data is securely protected on individual computers and devices so that if someone takes a piece of equipment, the data will not be accessible. Also, make it easy for employees to report lost or stolen devices and make sure the proper personnel or department is keeping track of devices.
- Insider Abuse. Fortunately, this is one area in which technological advancements can help track, detect, and even predict data breaches. The Verizon report says that computer forensics tracking methods can spot such things as the amount of data being transferred among users, data access patterns, and the amount of time an individual spends in “activities indicative of job satisfaction or discontent.” (The report does not specify what those activities would be.)
- Unfortunately, more than 60 percent of data breaches within an organization were caused by errors made by the organization’s own staff, particularly system administrators. About 30 percent of those breaches involved transmission of sensitive information to incorrect recipients—a particularly stress-inducing error since the enactment of the Health Insurance Portability and Accountability Act (HIPAA). Reducing errors requires a multi-faceted approach, including checks of control effectiveness; and learning from past mistakes so that you can make changes to prevent them in the future.
For more information about the findings of Verizon’s 2015 report, which is funded by more than 70 Internet, security, and information technology companies and organizations, click here.
Many of these issues can be addressed with the implementation of a strong HIPAA program that incorporates not only privacy but security as well. Prevention is always the best “medicine” and much more cost effective. If you do not have a HIPAA program in place and would like a copy of the most current HIPAA program then please visit our e-store where you can purchase the entire document for less than it will cost you to report a breach to the Department HHS or your corporate attorney. The cost of the mediated actions following a breach of your data is very expensive and all your patients will need to be notified. I am confident that patients will chose to leave your practice if they are notified of any type of financial, medical or personal breach of information.
If you’d like to learn more about United Physician Services, our consulting services, and revenue-enhancing techniques, contact us today at (602) 685-9500 or visit our website at upshealthcare.com. Also, feel free to e-mail us anytime at firstname.lastname@example.org.
Written by Rochelle Glassman, Principle Consultant, UPS Healthcare