Chances are that your practice has already devoted a lot of time and energy to ensuring HIPAA compliance and protecting your patients’ information. There are checklists galore covering the handling of paper records and even governing what information can and cannot be discussed in non-secure emails and on social media. But data security is not a static concept. Technology and the rise of Electronic Health Records (EHR) have already changed the way we think about protecting patient data, and the landscape continues to shift each day. It’s crucial that you keep up. Here are some questions you should ask yourself to be sure that you’re keeping patient data secure at all times.
Is your cloud server HIPAA compliant?
Cloud storage is becoming a practical option for storing large amounts of patient data, but it brings with it a certain level of security risk. For Covered Entities under HIPAA, it is vital to perform due diligence on matters of data protection with your cloud server.
Data security methods may differ between providers, but there is a stringent set of minimum requirements for the online storage of privileged patient information. Cloud service providers must use strong encryption methods and enforce strict privacy and security policies. Clear restricted-access protocols are essential. IT Business Edge has put together a helpful 10-point checklist to make sure your server fits the bill.
Do you always know when you’re online?
These days almost everyone is connected 24/7 through some device or another. Smartphones, tablets, and increasingly portable laptops make it easier than ever to communicate and get work done on the go. When it comes to dealing with confidential patient information, this can be a mixed blessing.
Unsecured public WiFi poses a serious security threat. There’s also the risk of physically losing your device, exposing patient information to anyone who finds it. Downloaded mobile apps may have extensive privileges which threaten to compromise not only your privacy but your patients’ as well. You should also be aware that some programs (for example, Microsoft Office 365) may have cloud access; when you think you’re saving a file to your computer, make sure that it’s not being copied to an online server as well.
The vanguard of medical information technology continues to inch forward, bringing with it new and better ways to serve our patients, but as practices begin to embrace cloud storage, mobile work patterns, patient portals, and other online venues, patient privacy can be at risk in ways that most doctors have never anticipated. Your data security solutions must be responsive and flexible to make sure that confidential information stays safe, no matter what.