In 1992 I was the coolest kid on my block for a day. My dad, who always wanted the latest and greatest technology, had just brought home our first cordless phone. It was white with an extendable antenna. I brought my friends by after school to show it off, and one-by-one they called home on it.
The conversations all went something like this: “Mom! I’m calling you on a phone WITH NO CORD! No, really!”. My cool kid status only lasted as long as it took for Becky to get in a fight with another girl on the playground, but I distinctly remember how it felt to be on the cutting edge.
Thinking back to that pre-internet, pre-mobile phone period feels quaint. In the nearly 30 years since, many of us spend our days walking around with mobile phones in our pockets that are vastly more powerful than the Voyager satellite.
Technology is expanding at an exponential rate. As we add more and more tech to healthcare, medical practices are faced not only with increasing opportunities but security risks. In fact, in some situations, it can be riskier to avoid tech.
Is your practice ready to handle some of the biggest security challenges of 2020? Keeping up with technology can feel overwhelming, but the best place to start is to know what you’re dealing with. Here are five of the biggest security challenges facing medical practices in 2020:
Out-of-Date Software
Working with old software means more than just dealing with a product that’s potentially slower and more inefficient. Older software just wasn’t designed to keep up with today’s security threats.
The Office for Civil Rights (OCR), part of the US Department of Health and Human Services, put issued guidance on software vulnerabilities and patching that says, “Under the HIPAA Security Rule, HIPAA Covered Entities and Business Associates are required to protect their ePHI, which includes identifying and mitigating vulnerabilities of computer programs and systems that could affect the security of ePHI.”
So, if your office never got around to upgrading from Windows 7 or Server 2008 you’re critically at risk, because Microsoft ended security patches and updates on January 14th, 2020. If it doesn’t seem like a big deal, consider that the Equifax breach that impacted 143 million people could have been prevented with a patch that was available for months.
Insider Threats
According to the 2019 Verizon Data Breach Report, insider threats were responsible for 58% of cybersecurity incidents. This is notable because healthcare is the only industry where insiders were more responsible for breaches than external threats. Where an observable motive for the breach existing, financial motives were the most common reason insiders breached data (83% of the time).
Other reasons included curiosity (6%), convenience (3%), and grudge-holding (3%). Good healthcare software provides robust logging. This way your practice can stay on top of potential incidents, whether it’s a billing staff member adjusting a bill for a family member, a doctor gawking at celebrity medical records, or any number of things.
Lack of Awareness
Many data breaches don’t have an observable motive. In fact, more than half the time, insider data breaches were attributed to human error. Catching this after the fact is essential, because HIPAA requires that any breach – accidental or not – be reported to your Privacy Officer and reporting may need to go as far as the Office for Civil Rights (OCR) depending on the circumstances. Ideally, though, you can prevent anything before it happens by having robust training and enforcement policies.
When it comes to outside attackers, phishing is a popular way to try and gain access to a system. We’ve all had that coworker who never met a sketchy looking link they didn’t click on, so educating staff about how to identify and avoid phishing can help keep your practice safe.
Risky Communication Practices
Texting is convenient and an everyday occurrence for most of us. However, it’s not HIPAA compliant unless those messages meet specific criteria. Messages must be encrypted, stored on secure servers, and have sender/receiver authentication. Even standard emails don’t meet HIPAA requirements for sharing PHI.
The best solution is to adopt a secure messaging tool, either as a stand-alone product or as part of other existing technology. If your practice rounds at hospitals and other facilities, a software rounding solution will include options for secure messaging.
Lost PHI
There are several ways to lose PHI, paper being one of the most obvious. Between paper charge tickets, facesheets, and printed reports, it’s easy to leave something in a pocket or accidentally leave it on a desk somewhere. Moving away from paper as much as possible can mitigate that risk.
Even once you make the leap away from paper, there’s still a danger. Another finding of the 2019 Verizon Data Breach Report is that “lost and stolen laptops with unencrypted PHI continue to be the cause of breach notifications”. According to a Kensington study, 70 million smart phones are lost every year.
What does this mean for PHI? It’s essential that documents with PHI aren’t just floating around on a laptop or a mobile phone, but rather are contained within a secure and encrypted software solution. This goes for everything from medical records to rounding lists.
Is your practice engaged in some risky behavior? Learn more here! If your practice rounds at hospitals or other facilities, HybridChart can help keep you safe. Our HIPAA compliant, HITRUST certified rounding software offers secure messaging, secure rounding lists and collaboration, and more! Visit us at hybridchart.com today to learn more!
Smarter Rounding and Workflow Software for Doctors
At HybridChart, we provide technology that connects your healthcare team, increases efficiencies, AND improves your bottom line. HybridChart’s cloud-based software adapts to your practice’s unique workflow and will improve your profitability and patient outcomes by utilizing our 5 features: census management, charge capture, secure messaging, discharge management, and data analytics.
NEVER miss another charge and get PAID for the work you do!
If you are interested in taking your medical practice to the next level and want to employ the best hospital charge capture practice available in the industry, come visit our website at www.hybridchart.com, or call us at 1-877-684-0608 for a demo today!