Practice Management Alert

Clip 'N' Save:

Take These Steps Now To Avoid IT Security Snafus

Make sure your practice – and reputation – are resilient against cybersecurity threats.

You know about the need for secure passwords in your personal life, but what about work? With so many facets of life — including medical records — dependent upon computers and networks in 2017, make sure you can access the necessary servers, systems, and records even if team members are out of the office or during an emergency.

Though computers are everywhere today, the software your practice uses might be persnickety, especially to newer team members who haven’t worked with it very long. Make sure all team members feel comfortable using the software they need to do their jobs.

“Healthcare providers may believe that if they are small and low profile, they will escape the attentions of the ‘bad guys’ who are running these attacks. Yet, every day there are new attacks aimed specifically at small to mid-size organizations for the very reason that they are low profile and less likely to have fully protected themselves. Criminals have been highly successful at penetrating these smaller organizations, carrying out their activities while their unfortunate victims are unaware until it is too late,” says the Office of the National Coordinator for Health Information Technology, a division of the U.S. Department of Health and Human Services.

Here are some basic tips to keep your information — and therefore your patients and your reputation — safe.

1) Make sure cybersecurity is part of your practice culture. “Every person in the organization must subscribe to a shared vision of information security so that habits and practices are automatic,” says the Office of the National Coordinator for Health Information Technology.

2) Use unique passwords and change them frequently, but make sure that team members or administrators can access your password, in case of emergency. Consider adjusting your practice policies so that HR (or an in-house administrator) has the work passwords for all employees written down and filed away physically.

3) Consider multifactor authentication, if you haven’t already. “While a username is something you know and a password is something you know, multi-factor authentication also includes either something you have, like a smart card or a key-fob, or something that is part of who you are, such as a fingerprint or a scan of your iris,” says the Office of the National Coordinator for Health Information Technology.

4) Don’t overlook mobile devices. Not all practice personnel may need or have access to electronic health records (EHR) on their personal (or work-provided) mobile phones, but don’t forget that laptops are mobile devices, too. Laptops and phones are much easier to steal, as they are physically portable, and they’re more likely to fall victim to predation across unsecured networks, too. If an employee in your practice needs to use a mobile device for work purposes, strongly consider encrypting the device and its communications.

5) Utilize a firewall. “Unless a small practice uses an EHR system that is totally disconnected from the Internet, it should have a firewall to protect against intrusions and threats from outside sources,” says the Office of the National Coordinator for Health Information Technology.

6) Use and update your security software. The primary way that attackers compromise computers in the small office is through viruses and similar code that exploit vulnerabilities on the machine.

7) Expect and prepare for emergencies. You should obviously prep for natural disasters like hurricanes or blizzards, but don’t forget about other potential emergencies. Remember that patients may need care elsewhere during emergencies — and therefore access to medical records. Your practice needs to be able to ensure that medical records are accessible and protected from harm or loss. “There are two key parts to this practice: creating backups and having a sound recovery plan,” says the Office of the National Coordinator for Health Information Technology.