No software, however advanced, can fully guarantee a medical practice protection against cyberthreats. However, specific plans and actions can be implemented that go a long way toward preventing cyberattacks from compromising sensitive medical data and patient information. In fact, many of these measures are required by the risk analysis that the HIPAA Security Rule mandates, which focuses on the following:
- Completing extensive background checks on office personnel who regularly access confidential data.
- Regularly reviewing access logs and computer audit trails, and deploying tools designed to prevent data compromise.
- Training employees on cyberthreats: how to help prevent them, what to do when one occurs, and what terms associated with cybersafety, such as encryption, firewalls and malware, actually mean.
Creating Strong Passwords
Most people do not realize how easy it is for an experienced attacker to crack poorly chosen passwords. According to Microsoft TechNet, a strong password has at least seven characters, contains no names, is not a dictionary word, and mixes letters and numbers. Medical practices should consistently use strong passwords to protect highly sensitive data. Note that these composition rules are a floor, not a ceiling: current NIST guidance (SP 800-63B) favors longer passphrases and screening candidates against lists of known-compromised passwords over rigid character-class rules.
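The following Go program is an added example, not code from the original article or from Microsoft TechNet. It implements the four TechNet rules above as a checker a practice could run against a new password, and adds a breached-password list check, which the article does not mention but current guidance recommends. The word lists, names and breached passwords in `SamplePolicy` are constructed sample data, not real lists.

```go
package main

import (
	"fmt"
	"strings"
	"unicode"
)

// PasswordPolicy holds the minimum length and the lists a practice maintains.
type PasswordPolicy struct {
	MinLength  int
	Dictionary map[string]bool // common words, lower-case
	Names      []string        // staff, patient and practice names, lower-case
	Breached   map[string]bool // known-compromised passwords (hypothetical list)
}

// SamplePolicy returns a policy with constructed sample lists for this example.
func SamplePolicy() PasswordPolicy {
	return PasswordPolicy{
		MinLength:  7,
		Dictionary: map[string]bool{"password": true, "welcome": true, "clinic": true},
		Names:      []string{"smith", "mercy"},
		Breached:   map[string]bool{"Summer2019!": true},
	}
}

// CheckPassword returns the rules the candidate violates; empty means it passes.
func (p PasswordPolicy) CheckPassword(pw string) []string {
	var failures []string
	lower := strings.ToLower(pw)

	if len([]rune(pw)) < p.MinLength {
		failures = append(failures, fmt.Sprintf("shorter than %d characters", p.MinLength))
	}

	hasLetter, hasDigit := false, false
	for _, r := range pw {
		switch {
		case unicode.IsLetter(r):
			hasLetter = true
		case unicode.IsDigit(r):
			hasDigit = true
		}
	}
	if !hasLetter || !hasDigit {
		failures = append(failures, "not alphanumeric (needs both letters and digits)")
	}

	// Keep only letters so "password1" is still caught as the word "password".
	core := strings.Map(func(r rune) rune {
		if unicode.IsLetter(r) {
			return r
		}
		return -1
	}, lower)
	if p.Dictionary[lower] || p.Dictionary[core] {
		failures = append(failures, "is a dictionary word")
	}

	for _, n := range p.Names {
		if n != "" && strings.Contains(lower, n) {
			failures = append(failures, "contains the name "+n)
		}
	}

	// Breach lists hold exact strings, so compare case-sensitively.
	if p.Breached[pw] {
		failures = append(failures, "appears in a breached-password list")
	}
	return failures
}

func main() {
	p := SamplePolicy()
	for _, pw := range []string{"pass", "password1", "DrSmith99", "Summer2019!", "Tq7#mR2v!xL9"} {
		f := p.CheckPassword(pw)
		if len(f) == 0 {
			fmt.Printf("%-14s OK\n", pw)
			continue
		}
		fmt.Printf("%-14s REJECTED: %s\n", pw, strings.Join(f, "; "))
	}
}
```

Of the five sample candidates, only the last passes; "Summer2019!" satisfies every TechNet rule and is rejected solely by the breach-list check, which is the point of adding it.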
Cyber Insurance for Medical Practices
To mitigate the consequences of a destructive cyberthreat, medical practices may opt for cyber-insurance that covers costs related to loss of data as well as any possible litigation expenditures. However, attorneys specializing in this type of insurance strongly urge physicians to read the “fine print” included in these policies to determine whether exclusions apply involving criminal penalties, government investigations and regulatory fines.
Encryption is Key to HIPAA Compliance
In addition to backing up data and performing regular virus checks, the Guide to Privacy and Security of Health Information directs medical practices to use encryption tools that convert a document or file into an unreadable form before it is transmitted, so that only authorized individuals holding the key can decrypt it once it reaches its destination. Under the HIPAA Security Rule, encryption of electronic protected health information is an "addressable" specification: a practice must either implement it or document why an equivalent alternative is reasonable. Under the HITECH Act's breach notification rules, loss of properly encrypted data is not a reportable breach, which is why encryption is treated as expected practice. Medical practices must also ensure that encryption extends to the business associates and service providers that handle their data.
Medical practices that neglect to safeguard against cyberattacks not only face HIPAA non-compliance penalties but may also be found non-compliant with the Payment Card Industry Data Security Standard (PCI DSS), which is designed to protect payment card (debit and credit) information from cyberattack and identity theft.