5 Policies to Protect ePHI

Creating a secure cyber environment is never only about having the best software and technical support. There are things every practice can do right now, at no cost and with no IT background needed. Having the right policies in place, along with training on them and enforcing them, is just as essential to the security of your practice as having the right antivirus.

Policies Every Practice Should Implement to Protect Their Patients

  • Create and enforce a good workstation use policy that prohibits employees from using their work computers for personal use. Most cyber-attacks can be traced back to someone clicking through a fake email, opening a suspicious attachment, or visiting an unsecure website. Even as the hackers become more and more sophisticated, these deceptive tactics remain their best way into your system. According to a 2020 Statista report, phishing emails accounted for 54% of the reported ransomware attacks.
  • Enforce proper password management. This means no sharing of passwords, changing passwords on a consistent basis, and creating complex passwords as opposed to a person’s name or birthday. It is also advised that you do not write your passwords on a post-it and stick it on your monitor. Everyone has experienced the frustration of not being able to log into a system, but this policy is essential to protecting your system and your patient info.
  • Always follow HIPAA’s minimum necessary standard. This means ONLY accessing, discussing, or transmitting the absolute minimum amount of patient info that’s needed for treatment.
  • Always do your due diligence and always have a Business Associate Agreement (BAA) in place. Choosing which vendor to work with, whether it’s an IT company, a medical billing company or a practice management software, is a big decision for a practice and should be treated as such. Do your research and keep an eye out for any red flags, such as a poor web presence or a suspicious history. And if a vendor is not willing to have a business associate agreement, they may not be willing to protect your patient info. Even the biggest organizations have recognized the need for a BAA and have made it easy to find their agreement and keep it on file.
    • BAA for Microsoft Office 365
      • Log in to Microsoft Office 365 Administrator Center > Billing > Subscriptions > Optional Privacy and Security Contractual Supplements.
      • Next, on this page you should see the Office 365 and CRM Online HIPAA/HITech Business Associate Agreement. Check off the box for that agreement, provide your electronic signature, and click Accept.
    • BAA for Google Workspace
      • Go to the Security and Privacy Additional Terms within the Administrator Center.
      • Click Google Workspace/Cloud Identity HIPAA Business Associate Amendment to review the amendment.
      • Click Review and Accept and answer all three questions to confirm that you are a HIPAA covered entity. To accept the HIPAA BAA, click OK.
  • Have an emergency plan in place. The plan should detail who does what at the practice when faced with different worst-case scenarios like a cyber breach, loss of data, and even a natural disaster. By having the plan ready before something happens, you can respond faster and minimize any damage.

The days of offices lined with file cabinets full of patient records, and of forms going back and forth through USPS, are over. Technology has changed the way patients are treated, and new technologies are constantly becoming more popular. As an example, a recent HHS survey found that 1 in 4 individuals have used telehealth services.

While advances in technology have been a huge benefit for practitioners and patients alike, they’ve also resulted in patient privacy and security being more at risk than ever before. What hasn’t changed is that you care about your patients. By approaching any technology with the same care and attention you give to a patient’s treatment, you will continue to protect them.

References

  1. U.S. Department of Health and Human Services Office for Civil Rights https://www.hhs.gov/sites/default/files/breach-report-to-congress-2020.pdf
  2. Statista https://www.statista.com/statistics/700965/leading-cause-of-ransomware-infection/
