Electronic Medical Records Security April 10 2014

So your EMR system is in place and your Midmark IQecg Digital Medical Device is connected. Everything is humming along and your job has become that much easier. Your patients are enjoying the extra face time and you are enjoying the ease of access to their medical records. Isn't technology great? One problem: if you’re not careful, someone else could be enjoying the ease of access to your patients’ medical records as well!

We are living in a time where cybercrime is at an all-time high. Every time you connect to the internet, you open yourself up to becoming a victim of a plethora of things like hacking and phishing. It’s not just when you connect to the internet though. You also need to protect the computers in your office from unauthorized access. Making sure your patients' information is kept private is a must to meet HIPAA compliance.

There’s a lot to keep track of, especially if you are not part of a large provider network that has an IT specialist to maintain security. Though only an IT specialist can keep you 100% safe, here is a list of 5 things you should keep in mind:

  1. Use strong passwords on your office computers and change them regularly! A strong password should contain a combination of numbers, upper and lowercase letters, and symbols. It should be at least 8 characters in length. It should NOT contain your or your family members' birthdays, SSNs, bank numbers, names, etc. A great tip to help can be found in this XKCD Comic. To make sure you have a strong password, use a tool like HowSecureIsMyPassword to check your password strength.
  2. Use a firewall. This is the first line of defense against data thieves. Keeping them out of your network in the first place is the easiest way to keep your computers safe. A firewall may be a hardware box that filters internet traffic or a piece of software on your computer.
  3. Use antivirus software. No firewall is infallible or impenetrable. It can do a lot to keep you safe, but if an infection makes its way onto your computer, you’ll need an antivirus program to reduce the amount of damage it can cause. Many companies offer integrated solutions that have a firewall + antivirus in the same software package and these are often the best choice for a small business.
  4. Limit Network Access! Personal computers, phones, and tablets should never be on the same network as machines containing sensitive medical information. There are simply too many variables when a personal device has access to the same network as a computer with sensitive data. Since personal devices aren’t held to the same strict security standards as the ones in your office, you can’t be sure they have adequate protection from infection in place. If a personal device were to become infected, the infection could spread over the local network. If that device had access to any shared folders, those could be easily accessed. Better safe than sorry.
  5. Practice safe computer habits. Realistically, the easiest way to avoid a cyber attack is to stay away from the source of it! This means no casual web browsing on office computers, no personal email, etc. If you don’t know what a file is, don’t open it. If you don’t know what a program does, don’t install it. We all like the fish screensaver, but probably won't like the keylogger it installs! Only visit sites that are safe. Never use the same passwords for work and personal use. If you get a warning that an email may be a scam, heed the warning and don’t open the email.

Follow these 5 steps and you are much closer to keeping your sensitive information safe. For more information on keeping your EMR data safe, please visit these links: 

http://www.healthit.gov/providers-professionals/cybersecurity

http://www.healthit.gov/providers-professionals/ehr-privacy-security/practice-integration

http://www.hhs.gov/ocr/privacy/hipaa/administrative/securityrule/index.html

http://cybersecurity.mit.edu/2012/11/protecting-emr-data-1-of-2/

http://cybersecurity.mit.edu/2012/10/electronic-health-records-what-is-really-at-stake-and-how/