a whole lot more patient information than you probably think they could.
In this article, Joseph Conn of Modern Healthcare outlines multiple aspects of the hack at Banner Health and the many different kinds of information that need to be secured in order to protect your patients.
Not only were the usual names, addresses, dates of birth, Social Security numbers and claims information compromised–hackers also obtained credit card and banking account numbers that had been used to make payments.
Vendor and Provider Roles in Security
When a healthcare provider believes that the software vendor is responsible for information security, they are not entirely wrong. The software vendor plays a large role in the security of their software. After all, they’re the ones developing it.
It should stand to reason then that if the security isn’t tight to begin with, it’s not a product you should be putting money into!
However, you do play a large role in ensuring that private patient information stays private. Here are some tips you can use to help yourself sleep at night.
Stay informed. The best way to make sure that everyone is following HIPAA guidelines is if everyone knows HIPAA guidelines. It’s also important to stay on top of new regulations, and to pass that information on to employees and co-workers so that everyone can remain up-to-date.
Keep track of mobile devices. Always be aware of where mobile devices are and make sure employees understand why they need to lock them up when they’re not using them. As you probably know, the most common cause of HIPAA violations is employee negligence. If an employee loses or forgets a mobile device and it ends up stolen, your business is responsible for that information.
Use encryption. Encryption, firewalls, and secure user authentication are necessities for each and every device your facility uses.
Use the shredder. Ensure that any hard copies of patient information, or any documents containing patient information, are properly disposed of. This generally means using the shredder. If you want to go the extra mile, use the shredded paper to help fuel a cookout (but not really).
Control physical access. It matters who has access to the building! One of the most common ways information is compromised is through devices that go missing. Knowing exactly who had access to those devices (by limiting physical access) can help you ensure devices don’t turn up missing, and if they do, you have a solid place to start looking.
Use strong passwords and change them often! No getting around this one yet… unless you’re using retina scanners etc. Choose those capitals and lowercases wisely and often.
Back up that information. Unfortunately, not just devices but the information itself can go missing. Be it from a natural disaster or just a coffee-spilling disaster, if information is only stored in one place it can be wiped out or taken away from you that much easier. This is why many high-quality enterprise archives–like Novarad’s MARZ VNA–back up your information to multiple data centers that are heavily protected, both digitally and physically.
Normally these kinds of patient information should be stored in computer systems that are separated. The software you’re using matters, too. It’s not just IT’s responsibility (although your IT department is the key piece here). Just because your facility may be using a third-party software system, that doesn’t absolve you of responsibility for that information.
It’s key to ensure that the software you use doesn’t take security lightly.
Read the complete article, Health systems are a candy shop of personal information, here.
This article was compiled and written by Kristi Alvarado, marketing and PR specialist with Novarad.