According to Health IT Outcomes, security breaches cost healthcare $6 billion annually. Patients’ medical records are now 10 times more valuable than credit card numbers to hackers. Hackers monetize patients’ medical records in different ways, and the market for them is growing. Protecting your patients’ data should be a high priority at your practice. We have listed some steps below to get you started.
Assign a security officer. Most businesses, especially small ones, do not have anyone in charge of IT security. The security officer handles all security-related issues or works with a contracted IT firm. A security officer also gives employees a resource for any security-related questions.
Perform a Risk Analysis. Details of a Risk Analysis can be found here. A risk analysis reveals potential holes in your IT infrastructure that hackers can use to steal patient data. Once the holes are revealed, you need to take steps to address them.
Employee Training. Employee blunders are the second leading cause of HIPAA breaches. Employees need to be trained on the right way to handle patients’ data and on the impact if it’s not handled with the highest security.
Inventory of Equipment/Software Storing Patient Data. Most businesses do not know all the places where patients’ data is stored. You can only protect patient data if you know where it’s stored. You should also restrict access to the data based on job responsibilities.
Install Technical Safeguards. You need technical safeguards in place that prevent hackers from gaining access to your network. Most businesses have some in place, but they are not monitored, reviewed or updated. This responsibility can be handled by your assigned security officer or outsourced to an outside firm. Some technical safeguards are listed below:
- Firewall.
- Antivirus.
- Software Patches.
- Backup and Recovery.
The steps listed above should get you started. Achieving HIPAA compliance is not as hard when you prioritize protecting your patients’ data.