Last year, almost half of all major data breaches affected the healthcare industry.1 In fact, during the last five years, more than 120 million patients had their healthcare records compromised.2 With statistics like these, private practices are more focused than ever on protecting the security of their patients’ personal health information.
To help you find out if you and your staff are up-to-date on the latest security practices, HealthIT.gov has created a game called Cybersecure: Your Medical Practice. Private practice physicians and staff can play the online game by answering multiple-choice questions on common real-world scenarios that could lead to a security breach. Answer correctly and you’ll earn points to win “prizes” for a virtual medical office, like extra office space, more exam rooms, or a new TV for your office. It’s a fun way to learn best practices for keeping your devices and your patients’ health records secure.
Here are three ways to keep cyber-safe that we learned when playing (and winning!) the Cybersecure game:
Protect your passwords. Here’s an example of a question you may get during the Cybersecure game; can you answer it correctly?
How often should you change your EHR password (at minimum)?
- Daily
- Monthly
- Quarterly
- 2x/year
- 1x/year
Answer? Quarterly. A secure portal that is login and password protected is key to keeping your EHR safe. Make sure that everyone on your staff understands the importance of protecting their passwords by updating them regularly. Remind them to never share passwords or keep them in plain view of patients or vendors (i.e. Post-it® note on the desk).
Protect your devices. Be sure your security measures include all devices, like laptops and iPads, that you use to access patient data. Below are a few tips to keep your devices secure.
- Don’t use your devices to visit gaming or questionable sites that could expose your system to malware.
- Don’t take devices out of the office unless patient information has been encrypted.
- Keep track of all devices, never leaving them unattended in an exam room or any place where there could be unauthorized access.
- Remove the hard drive from computers you are discarding, and make sure all personal data is deleted before disposal.
Protect your data. To protect your data, choose an EHR system that uses state-of-the-art encryption, cloud data storage, and regular data backups. Encryption will protect your data and block unauthorized access.
An added benefit of working with a secure EHR vendor is the ability to access your data in the event of a fire, flood, or natural disaster. With cloud data storage, you can access your records anytime from anywhere. Cloud EHR systems also include automatic, hourly data backups, which is a critical feature if your office computers are ever damaged or stolen.
[1] Experian’s 2015 Data Breach Industry Forecast. [2] “2015 is already the year of the health-care hack — and it’s only going to get worse.” The Washington Post, March 20, 2015.Boost EHR security: 5 features to look for
Choosing an EHR system that has the ability to keep your health records secure is more important than ever. This guide will help you learn the 5 key features you need in an EHR system to ensure top-level security.
Download the guide