5 Best Practices for Keeping Your Patient's Medical Data Safe
Medical identity theft has more than tripled over the past five years, as hackers and cyber-criminals target the healthcare industry at alarming rates. So why are medical records so valuable to data thieves? Personal medical data is said to be more than ten times as valuable as credit card information. Just one patient record contains an enormous amount of identity information that hackers can exploit, including:
- Full name
- Birth date
- Social Security number
- Medicare number
- Phone numbers
- Home address
- Prescription information
- Driver’s license
- Payment information such as credit card or bank account numbers.
This data is incredibly valuable on the black market, just one Medicare number is said to sell for nearly $500. Keeping this patient information safe from cyber-thieves must be a top priority for hospitals, healthcare organizations, and medical offices. The threat of a data breach not only puts an organization or medical practice at risk for a hefty fine or HIPAA violation, but it also threatens the core of the business because it damages patient trust.
The following are five steps to keeping your patient’s medical data safe:
- Education
Educating your staff may be the best line of defense against data theft. Ensure your employees are informed on privacy policies, security measures, how data breaches occur and how to prevent them. Build staff awareness of medical identity theft and how to keep patient data secure.
- Mobile devices
Patient data may often be stored on mobile devices. Protecting devices such as laptops, smartphones, and tablets with encryption and passwords is another way to avoid a potential data breach. Also, it is important to ensure employees never leave their mobile devices unattended.
- Email
Many attempts for data breach occur through unsolicited emails called “phishing.” Be sure to instruct staff not to open any emails that are unfamiliar and never open any attachments or links from an unknown sender.
- Antivirus
Be sure to keep all software and antivirus programs regularly up to date.
- Secure your network server and wireless networks
To prevent attacks, practices should make sure their network passwords are secure and changed frequently. Ensure routers and other components are kept up to date. Set up firewalls and antivirus for all devices that connect to the internet. Lock down your network server so that it is difficult to physically remove it from your office and lock up any backup or storage devices.
Common mistakes:
- Employees sharing workstations or user IDs
- Leaving screens or workstations unsecured
- Sending patient medical information via unsecured email
- Using unsecured laptops, tablets, and smartphones
- Sending patient medical information through text messaging
- Speaking about private patient medical information to friends, family, patients or other medical offices.
- Failure to obtain the proper release/consent form to release patient medical data.
While there is not one sure way to prevent all data breaches, these best practices will go a long way in keeping your patient data safe and secure from potential theft.