Protecting your Client Data is Smart Business
Client Data or PHI security is one of the biggest challenges facing healthcare companies. With the ubiquity of technology, today’s therapist employs several device in her daily routine. The constant transfer information from one program to another assumes that the security provisions and internet connectivity are adequate. In many cases, it is frighteningly not the case.
Just alongside the productivity gains spawned by technology, are cyber predators who actively engaged in stealing valuable information, using malware (including various forms of viruses, worms, Trojans) as the tool of choice. The consequences of becoming a victim can be devastating. In addition to hefty fines mandated by FIPA, a publicized breach of information is a business risk that could result in the loss of clients and your business.
Don’t become the next cyber victim. Prevention is the best practice, especially in small to mid-size companies without dedicated technology and security support. Healthcare companies and therapists would be prudent to consider a review of their information security systems. Here are two inexpensive suggestions you can start with:
Invest in a secure Practice Management Software, with built-in encryption technology.
Implement a good security policy and security routine. Here are a few good policies and practices you can start with immediately.
Password protected devices are mandatory
Use a password to protect your computers, tablets, ipads, mobile phones and storage devices. Change your password once or twice every year or if you believe it has been compromised.
It is commonplace to see electronic devices with no passwords or poorly constructed passwords, such as a person or company name. Research has shown that most users use the same password for many different accounts (computer, client access, Facebook, Twitter, etc.). A breach of one, breaches all.
Many healthcare organizations encourage password sharing as a way to reduce their IT licenses and costs. This is an ill advised practice that negates accountability and transparency. With each sharing, a password becomes more vulnerable. Each healthcare employee should have his/her own secure and confidential login credentials, for which he/she can be held accountable.
Create a strong password by using a combination of numbers, letters and other keyboard characters. Use one password to access your computer and a different password to access your client program, preferable a password not used elsewhere. Keep your password secret; do not share it with anyone, especially colleagues or support personnel.
Antivirus and firewall are absolutely essential
A good antivirus program is mandatory to protect your computer against most common malware threats such as viruses, worms, Trojan horses, etc. There are many antivirus programs available, ranging from free to costly. Microsoft Essentials is free and provides real-time malware protection for your computer.
Like an antivirus program, a firewall is mandatory for anyone connecting to the internet or other networks. Your computer has several ports which allows it to access the internet or local network services. A firewall closes unused ports and restricts use of others; it prevents unwanted communication with other computers on the internet or network or access to your computer.
If you are using a web-based software, a firewall may interrupt your connection. Do check with your software provider.
Be cautious with internet downloads
Use a trusted source whenever you download information, files or programs from the internet to your computer.
Computer predators will exploit the weaknesses of browsers and place malware on your computer, without your knowledge. Today’s sophisticated malware can be embedded in file or a document such as a PDF file. These malware can damage your operating system, generate annoying pop-up ads, track your internet usage and may even send personal information back to the predator. If you are a regular web user, running an anti-spyware is an excellent option. Spybot Search and Destroy is a free anti-spyware that does a great job.
Most viruses are sent through emails
Email attachments remain the most favoured tool used to propagate malware. You may receive an infected file or be invited to click on an email link that takes you to a site loaded with malware.
Follow these simple rules to avoid virus dissemination through emails.
Be wary of email attachments from companies or unknown persons. If you wish to open an email, a safe approach is to right-click on the attachment, choose the download files option and scan the file using your anti-virus program.
Delete chain emails as fast as you can.
Avoid clicking on links in an email from unfamiliar persons or sites. You can also turn on the Plain Text setting in your email. This option blocks the HTML beacons used by predators. However, this option may not be practical, as an increasing number of legitimate companies use enriched features of email as part of their marketing effort.
Avoid public computers if you can
Avoid using public computers to access your business network, PMS software.
A public computer (and these include computers in hotels, airports, conferences centres, etc.) can be used by predators to collect confidential information. A key logger (a program that records all your key-strokes) can be used to record your personal information. See Microsoft Safety Tips for using a public computer. Entering sensitive information should be done from your own or a trusted computer. Even checking email, which is done by more than 75% of people, is not recommended.
Avoid public Wi-Fi connections if you can
Think twice about using public Wi-Fi to connect to your network at the office or elsewhere. A public Wi-Fi network is exactly what it says, public. With these networks, your privacy is akin to making a confidential phone call while surrounded by strangers, except you don’t know who is eavesdropping. Since many people share public networks, the risk of a hacker stealing your password or personal data is very high. If you do use a public wireless network, use only encrypted wireless networks and be sure to leave your firewall turned on. You should also avoid sending passwords through public networks.
Rogers or Bell provides a safe mobile internet connection for users on the go. Rocket Mobile Internet Stick comes with monthly plans starting from $22. Also most mobile plan will allow you to setup and connect to your own secure hot spot.
If you use a wireless connection, in the office or at home, encrypt it with a strong password.
Invest in a Case Management Software (CMS)
A good CMS allows you to work securely from any location. Its akin to a mobile office. Your CMS stores all you client data, documents and related information in a single protected location, allowing you and your designated staff specified access. Most CMS will encrypt your information and provide your with an automatic backup for added security. You have spent years building a business, secure it smartly. Click here for a link to Skedulex Case Management Software for more information.
PHI Security in Summary
Using a computer and the internet can be enormously rewarding and productive. At the same time, it can be dangerous and costly. Take the time to learn the rules and practice them diligently. You would not get a ticket for using an outdated antivirus or operating system or not having a password on your phone, but worse you could lose your client data, and your job or business with it.
A few simple but important precautions with your digital devices and internet usage can prevent you from becoming the next innocent victim. Be a smart user!