Published Online: 28 December 2022

How to Safeguard Your Practice From Data Breaches

Ensuring that your office computer system is as secure as possible will protect against internal and external data breaches, ransomware attacks, and possible liability.
Health care continues to be the most targeted sector for cyberattacks due to the availability of valuable patient information, the financial soundness and resource capacity of the industry, and network vulnerability. From 2009 to 2021, the Health and Human Services’ Office for Civil Rights was notified of 4,419 health care data breaches, which resulted in the unauthorized disclosure of over 300 million health care records.
Of the multiple cybersecurity threats associated with health care, ransomware attacks and employee-related breaches are the ones that most commonly confront physician practices. According to the AMA, physicians are most concerned about threats resulting in the theft of their patients’ health, personal, and financial information.
In addition to the financial implications that may arise from the increase in health care–related cyberthreats, health care professionals are also exposed to potential litigation associated with breaches of confidentiality. The alarming frequency of data breaches speaks to the urgency of implementing more robust cybersecurity practices within your practice or business.
Health care professionals handle patients’ health, personal, and financial information daily. Insider threats are one of the most common causes of data breaches but are often not treated with the same degree of caution. A data breach of this nature typically occurs when one or more individuals who have been given permission to access the practice’s data use those data for ill-intentioned purposes. With the detrimental effects of data breaches extending beyond the walls of confidentiality and associated liability, cybersecurity must be a priority.
There are a number of risk management considerations that can help enhance your practice’s cybersecurity.
Establish policies and procedures pertaining to information security and data privacy in the workplace:
- Assess if cyber-liability coverage is a part of your professional liability coverage.
- Require strong passwords (using a combination of different alphanumeric and special characters).
- Change passwords at least quarterly.
- Encrypt all mobile devices and communication, including email.
- Use multifactor authentication to verify each user’s identity at login.
- Incorporate cybersecurity training, such as identifying phishing attacks, as part of your practice orientation and ongoing competency.
- Restrict employees’ ability to install software applications on devices belonging to the practice.
- Be familiar with whom you are engaging. Monitor for any signs that are indicative of irregular activity and address them immediately.
- Develop and test a cyber-incident response plan.
Implement safeguards to protect the practice network from cyberattacks:
- Install and/or enable all firewall settings available in the operating system you utilize to create a barrier between the internal network and the internet.
- Protect internet routers with strong passwords designed to prevent unauthorized access, potential control of the device, and the recording of internet communications.
- Apply network segmentation to segregate network traffic (example: separate networks for online communications and record keeping of confidential information).
- Use a virtual private network (VPN) for remote access of information.
- Use routers to facilitate separation of the patients’ Wi-Fi network from the practice’s network.
- Set computers by default to automatically download patches and system updates.
- Use HIPAA-compliant platforms for telemedicine.
- Destroy all data stored on the hard drives of leased equipment before returning it to the vendor.
- Back up practice data regularly to avoid paying a ransom fee in the event of a cyberattack.
Cybersecurity threats are here to stay, but simple measures can help protect your practice and reduce your risk. ■
This information is provided as a risk management resource for Allied World policyholders and should not be construed as legal or clinical advice. This material may not be reproduced or distributed without the express, written permission of Allied World Assurance Company Holdings, Ltd, a Fairfax company (“Allied World”). Risk management services are provided by or arranged through AWAC Services Company, a member company of Allied World. © 2023 Allied World Assurance Company Holdings, Ltd. All Rights Reserved.

Biographies

Gloria Umali, R.N., M.S., C.P.H.R.M., is assistant vice president of the Risk Management Group of AWAC Services Company, a member company of Allied World. Risk management services are provided as an exclusive benefit to insureds of the APA-endorsed American Professional Agency Inc. liability insurance program.

History

Published online: 28 December 2022
Published in print: January 1, 2023 – January 31, 2023

Keywords

  1. AWAC Services
  2. Allied World
  3. Liability
  4. Malpractice
  5. Patient termination
  6. Gloria Umali
  7. Cybersecurity
  8. Cyber threats
  9. Firewall
  10. Patient data
  11. Ransomware
  12. HIPAA
  13. cybersecurity threats

Authors

Gloria Umali, R.N., M.S., C.P.H.R.M.
