Every time you access the Internet, a world of criminals is trying to steal personal information - yours and your patients'. Here's how to stop them.
A computer connected to the Internet without proper protection can be hijacked in a matter of seconds. It's troubling enough that your personal information, such as financial data, can be vulnerable. But if your computer is part of an electronic health record system, then your patients' health data can be stolen as well.
As physicians know well, the Health Insurance Portability and Accountability Act of 1996 (HIPAA) requires practices to protect patients' personally identifiable information. It also requires regular reviews and, if necessary, modifications of a practice's security policies and procedures to secure this information. Providers are subject to stiff civil and criminal penalties if they violate HIPAA's security requirements, including fines of up to $25,000 for multiple violations of the same standard in a calendar year and fines of up to $250,000 and/or 10 years in jail for knowing misuse of individually identifiable health information.
Protecting your patients' health information and identities (not to mention your practice's financial information and your own personal information) is as important as locking your doors at home every night. This article discusses strategies and tools to minimize your risk of being hacked. You need to understand and employ these strategies even if you are part of a large practice with an established computer network and a dedicated technology staff, because the biggest security threat to even the most secure network is the user.
What you're up against
To better understand how to protect clinical patient data and personal information, you need to first be aware of how someone can access your private data via the Internet. Here are the most common frauds, which you've probably already encountered in some form:
Phishing/identity theft. You can fall into these frauds without even knowing it. "Phishers" send spam e-mails claiming to be from a legitimate business or organization (e.g., an Internet service provider, a bank or a government agency). The e-mail message might say: "We suspect an unauthorized transaction on your account. To ensure that your account is not compromised, please click the link below and confirm your identity." The message usually says...