According to Accenture analysis, healthcare providers that do not make cyber security a strategic priority will put $305 billion of cumulative lifetime patient revenue at risk over the next five years. Now is the time for healthcare providers, health plans and other organizations to strengthen cyber security capabilities, improve their defenses, build resilience and better manage breaches. Most importantly, they can give consumers the confidence that their data is in trusted hands.
9 Powerful Tips That Will Help You Stay Secure:
1. Protect the data once in your hands.
The owner of the physical record is responsible for controlling access by others in accordance with privacy law. You need to demonstrate that privacy and security in the digital realm is a top priority for your practice — that you are willing to take collective responsibility to protect yourselves and patients from growing threats to online privacy and freedom. Medical records are kept strictly confidential, and should never be disclosed to anyone without your written permission. It is difficult to contain all breaches; however, it is your responsibility to do the best you can.
2. Block access to USB ports.
USB security helps organizations avoid unnecessary data theft, while also protecting against malware introduced by employees’ devices. Encrypting USB drives isn’t enough to effectively secure them; that’s why organizations have to limit USB device use to specific employees or restrict access to USB ports altogether. Organizations can encrypt USB drives or disable AutoRun, so programs on a USB drive don’t run automatically when inserted; however, these strategies aren’t enough. Limiting the use of devices based on work groups and domain membership can also help you avoid USB threats and keep your organization secure.
3. Educate your employees about password strength and password memorization techniques.
An important technique in protecting your privacy and your documents is the proper use of passwords. Passwords are the keys to accessing everything you do online. It seems, though, that a combination of approaches might work better than just lengthy passwords. Security experts agree that using upper- and lowercase alphanumeric characters is good practice for increasing password strength and making passwords capable of resisting guessing and brute-force attacks. So create passwords that have no direct relationship to you personally. Use a combination of uppercase letters, special characters and numbers for added security and to make them less predictable. It’s a big step forward in improving your enterprise data security posture and protecting your company from the inside out.
4. Make sure your system admin creates and enforces a strict access policy.
Access controls give organizations the ability to control, restrict, monitor, and protect resource availability, integrity and confidentiality. Make folders inaccessible by default until the employee requests permission from the system admin. This may not be the most convenient solution, but it’s worth the added hassle to avoid an enterprise data security breach. Most health care organizations have policies that establish special protections for sensitive information; make sure you do as well.
5. Be aware of your surroundings when accessing your records, especially if accessing them on mobile or public devices.
If you’re in a public location, don’t access private information such as patients’ emails, patients’ files, bank accounts, etc. Keep your searches limited and be aware of anyone who may be focused on you while working on their own devices.
6. Consider carefully who you share your care records with and if you are in any doubt, don’t share at all.
Share Your Care means that important information about you is available immediately and securely to those who are caring for you, at whatever time of day they need it. Rest assured that not everyone looking after you is able to see every detail in your records; however, you should be aware of who is and what they have access to. Which information a professional can access depends on their role in your care. A hospital consultant might need to see all of your records, but others might have restricted access. Have a plan for this procedure.
7. Always back up your data.
This seems so obvious, but you would be amazed at how many offices do not have a plan. It is essential that you always back up your important information and have a plan for recovering from a system failure. We recommend doing this off site, in a highly secure location. An attacker could crash a computer's operating system, or data may be corrupted or wiped out by a hardware problem. Computers can be lost, stolen, or destroyed in a fire or other catastrophe. You should back up your personal or critical work data on a regular basis. This means copying your files over to a protected system that you can access when those files are needed.
8. Create a disaster recovery and incident response plan.
Not all events are emergencies, and not all emergencies become disasters. Data can be lost, corrupted, compromised or stolen through hardware failure, human error, hacking and malware. Loss or corruption of data could result in significant business disruption. Data backup and recovery should be an integral part of the business continuity plan and information technology disaster recovery plan. Developing a data backup strategy begins with identifying what data to back up, selecting and implementing hardware and software backup procedures, scheduling and conducting backups, and periodically validating that data has been accurately backed up.
9. Always sign off when finished.
Nurses, doctors and office staff should always sign off from the system when EMRs are no longer needed, and no record should be left open on the computer when staff is out of the office or away from that computer.