Today’s post is a back-to-basics reminder of something that we all should not need to be reminded of, but….it is likely than most chiropractors could use improvement in this area.
The topic: security.
Specifically, I’d like to say a few words about the security of information, finances and records in your office. Some of this pertains to HIPAA; some of this pertains to good old fashioned common sense. Both are needed.
In case you were not aware, business accounts are the most vulnerable to hacker attacks and the least protected by the law. This is bad news for all chiropractors who do not hold their money under their mattress, which I suspect is most of us. Here’s why:
Hackers are much more inclined to break into a six-figure business account than a consumer account with a few thousand dollars, according to the article “Could Online Hackers Steal Your Cash” published on the financial website Bankrate.com. And there’s more bad news: if your bank determines that your money vanished because of something you did, they may not be liable for your disappearing cash! Sound a bit subjective and risky to you?
With online transactions and banking opportunities increasing daily, chiropractors need to be especially vigilant of protecting their accounts not only to protect their money, but need to take extra steps towards data security in general. A breach in a health care office may not only be financially damaging, but also has potential to cross lines and expose patient’s personal health information, which could lead to HIPAA privacy violations and fines as well.
While all of this may sound like the plot line to a new conspiracy theory thriller, a quick reality check in your own office may reveal that you are either well protected or unnecessarily exposed so such dangers.
Here are a few items that I would recommend for your to-do list so you can sleep a little more soundly:
- Make sure all patient files (and x-rays) are kept in locked storage. This is not only required via HIPAA regulations, but is a good idea to prevent theft.
- Utilize tougher passwords online. “1234” just won’t cut it. Use multiple passwords – not the same one for every site to avoid a widespread breach. Mix upper and lower case numbers, letters, symbols, etc.
- Protect yourself against malware (viruses, spyware and other online threats). While most computers come with a free trial, many chiropractors let them lapse and/or never upgrade to the full version. Check out the June 2010 issue of Consumer Reports magazine for the latest ratings on effective free and paid security software. The most expensive fee of any of their recommended options is $70 – hardly a matter for debate when you consider the amount of time, money and effort that will be expended if something bad happens.
- Pay to have a security system with monitoring installed in your office. In terms of banking, your greatest theft threat may be online. But fire, break-ins and other hassles can effectively be monitored via a security system. I know several DC’s whose offices were destroyed by the elements and many more who suffered break-ins. Even small town DC’s are not immune to crime and certainly not safe from the elements.
- Don’t Let Employees Take Laptops Home. One of the biggest data breaches in health care history occurred when a Blue Cross employee took a laptop to do some work from home. Unfortunately, the laptop was stolen in a parking lot while the employee was busy running errands. So not only did the employee NOT get any work done at home, the employee inadvertently caused a data breach that involved over 100,000 physician records – including Social Security numbers and EINs. Certainly, an accident like that would not be of the same magnitude for your office. But how many patients do you want to notify and inform them that your employee’s conduct caused their personal information to be stolen? Although that would certainly not be fun, it would be required per HIPAA regulations and failure to do so would result in major fines!
Lock up. Protect your business. Sleep well.
Tom Necela, DC, CPC, CPMA
Related posts: