Data Breaches that cause HIPAA violations in dental practices
As almost all data is now electronic, data breaches have become a significant threat to the healthcare industry. These breaches cause patient information to end up in the wrong hands. Any such unauthorized disclosure or use of PHI (Protected Health Information) is a HIPAA violation which can lead to large penalties. The highest annual penalty is $1.5 million per violation. A HIPAA violation can ruin the practice and tarnish its good name. Mobile Computer Services, a managed IT company in Raleigh, talks about the potential threats of data breaches and how IT consulting can help.
Hacking is the main cause of data breaches in dentistry and other healthcare services. Hackers target ePHI and use these electronic medical records for the wrong purposes.
Hacking can be prevented by:
- Enforcing two-factor authorization for access
- Storing files in encrypted form
- Using strong passwords that are regularly changed
- Not accessing data over a public Wi-Fi
- Performing security risk analysis to identify threats and vulnerabilities
2. Data stored on unprotected devices
Medical personnel might use their own devices for work. These devices may not be password protected and data can easily be compromised in case of device theft.
Effective methods to prevent such a data breach are:
- Ensuring that data is not stored locally, but only on secure cloud networks
- All data that need to be available on the device locally is encrypted and password protected
- Ensure that data can only be accessed using a secure network which requires authorization
Ransomware is a software program that is received via spam mail or a malicious link. The software in turn downloads malicious code that encrypts the file in the device or locks the device. The owner of the device is asked to pay a ransom before a deadline for retrieving access to the files. Such ransomware or malware in a medical practitioner’s machine can cause huge data loss of patient records. A good managed IT services company can help prevent this by:
- Ensuring all devices are protected by up-to-date antivirus software
- Performing data backups regularly and storing the backup at a remote location for risk mitigation
- Migrating all sensitive data to a secure cloud server
4. Improper disposal of records
When an electronic device needs to be repaired or is at the last stage of its life cycle, it has to be ensured that all patient data on it must be erased permanently. Data should not be present as retrievable files in the recycling bins.
5. Use of personal email for office correspondence
Healthcare professionals may email ePHI to their personal emails. This could be to catch up with work or to have a detailed study of the case. However, emailing ePHI to a personal email address is a HIPAA violation though it seems to be a harmless routine practice. Ways to avoid such violations are:
- Using a service that encrypts emails while being sent to the recipient
- Using a cloud-based HIPAA-compliant email server where all senders and recipients have accounts. This prevents emails from going through external servers.
- Using an EMR platform that provides patient details so that the healthcare practitioner can log in and access the required data. This eliminates the need for emails to a personal mailbox.
Why Mobile Computer Services?
Mobile Computer Services, a managed IT services company in Raleigh, has helped numerous healthcare practices safeguard their data by providing robust cyber security, email protection, and virus removal services.