Recent HIPAA Breaches: How to Avoid an Email Breach & Secure Your Practice | AdvancedMD

Features Navigation

Live Chat (800) 825-0224 Live Demo

← Back

Recent HIPAA Breaches: How to Avoid an Email Breach & Secure Your Practice

Disclaimer: This blog article was written by an AdvancedMD partner. The views and opinions expressed in this article are those of the author(s) and do not necessarily reflect the official policy or position of AdvancedMD.

Security Breach

Alameda Health Systems in California recently reported a patient data breach that impacted the information of approximately 90,000 patients. This breach involved unauthorized access to the email accounts of staff members and enabled malicious hackers to use the email accounts to gain access to patient information.

Being aware of this situation is important because it highlights the fact that patient data systems such as EHR, Imaging Systems and Billing Systems are not the only areas you need to monitor and protect to ensure the security of your patient data. You must also consider the type of security you have in place for your office’s email system.

How to Secure your Business Email System

If you are using a free email system for yourself and your staff.
Free email systems typically have less security and are more vulnerable to intrusion than paid services. For example, if you are using a Yahoo email address you are at much higher risk than you should be. Yahoo is not HIPAA compliant. The encryption is not adequate, and Yahoo will not sign a Business Associate Agreement.

If you are using an email address provided by your internet provider.
It may not have the security you need to properly protect your inbox.

If you are using a paid email service.
You may not have all the tools enabled that you need to be properly HIPAA compliant. You want to ensure you have the following features enabled for your email. Please note some of these are technical features that may require your email provider to enable for you.

  • Flag emails that come from outside your practice such as an external email address
  • Prescreen emails to identify potential spam and phishing emails
  • Implement a Sender Policy Framework
  • Implement DomainKeys Identified Mail
  • Implement Domain Based Message Authentication Reporting and Conformance (DMARC)
  • Require Multi-factor Authentication when accessing email from a computer that is not inside your organization
  • What type of encryption is implemented on the email?
  • Do you have a signed Business Associate Agreement with your email provider?

You may have none, a few or all these features already in place. A Business Associate Agreement and encryption are both an absolute must. Other security measures are recommended and the more the better. If your email provider can provide more of the other features that is better.

We know that email security is vital to protecting patient records and it is your responsibility to do a good faith effort to ensure the security of the email system you use for your practice.

Please join TLD Systems for our free monthly webinar series on Cybersecurity.

The upcoming schedule is:

  • July 6 – Password Security
  • August 3 – Email Security

To register for our free webinar series, click here.

 



Michael Brody, DPM
Dr. Brody has been actively involved in computers and medicine since the 1980s. He is a Residency Director at a VA hospital located in Long Island, NY. Notably, he was present as the VA moved from paper records to computerized records. During this time, he was exposed to the stringent rules and regulations that government employees must adhere to when protecting patient information. He co-founded TLD Systems with Warren Melnick. They wanted to create a platform for private practice doctors that provides a cost-effective method of implementing HIPAA compliance in their practices. He has served on the Health Information Technology Standards Panel (HITSP), the Standards and Interoperability Framework (S&I), as a member of the Ambulatory Care Committee at the Certification Commission on Health Information Technology (CCHIT), and numerous other organizations. He is currently a member of the Physicians Committee at the Healthcare Information and Management Systems Society (HIMSS) and a co-chair of the EHR workgroup at Health Level Seven International (HL7). He co-founded TLD Systems with Warren Melnick to create a platform that doctors who wish to work in private practice have a cost-effective method of implementing HIPAA compliance in their practices in a manner that does not interfere with their ability to practice medicine. He has served on the Health Information Technology Standards Panel (HITSP), the Standards and Interoperability Framework (S&I), as a member of the Ambulatory Care Committee at the Certification Commission on Health Information Technology (CCHIT), and numerous other organizations. He is currently a member of the Physicians Committee at the Healthcare Information and Management Systems Society (HIMSS) and a co-Chair of the EHR workgroup at Health Level Seven International (HL7)

Topic:


Other Resources Related to This Topic


No results found

“The money I have invested in AdvancedMD is miniscule compared to the return. I have never been more efficient – ever – in my professional life as I am now.”

Jed Shay, MD
The Pain Care Center

Read the story  ›

“[Our] patients are very well-educated and well-informed, and they want to see results quickly. The practice has to run extremely efficiently and be accessible to them. The nice thing about [AdvancedMD] is it has allowed me to be more efficient both in and out of the office. Now I don’t have to come back into the office, which is great for my family and everything else. It saves me a lot of time – probably an hour a day on the three days I work in the second office.”

Keith Berkowitz, MD
Center for Balanced Health

Read the story  ›

“The best thing I ever did in private practice was getting AdvancedMD—it has liberated me.”

Estaban Lavato, MD
La Loma Medical Center

“Having integrated practice management and EHR is absolutely wonderful, you don’t have to flip back and forth between systems—all of your information is at hand when needed.”

Raju Raval, MD

Read the story  ›