Imagine a world without paper, where everything in your office is handled electronically and no paper is ever in sight.
Not there yet? You’re not alone. HIPAA laws mandated the move to digital to provide secure handling of medical records. But how do you ensure sensitive data is indeed secure?
We all know that no matter how hard you try, breaches occur. We read about them every day.
What’s in place to prevent a hacker from breaking in and doing as they wish with your data? How do you protect your EHR data?
Create better access controls
People are still one of the weakest links. Your employees are putting your data at risk. How? With their password practices. Who in your office creates a simple password? Phrases like 12345678 or “password” are easy to remember, and more people are using them than you think.
They’re also easy to guess. Who in your office writes down the latest password on a sticky note, and tacks it to their monitor? It gives access to anyone who enters.
The National Institute of Standards and Technology (NIST) recently came up with new password guidelines - they might surprise you. Their suggestions include:
- Removing periodic password change requirements - forced changes can make passwords weaker, as people tend to create easier passwords over time
- Dropping password complexity requirements - no more adding arbitrary mixtures of symbols and numbers, as such rules can lead people to select weaker passwords
Secure paper throughout the process
Did you know one of the weakest links is in disposing of paper records? No, you can’t just throw them away. Instead, these paper files must be properly shredded and destroyed. Secure disposal may include hiring an offsite disposal service that understands HIPAA laws and proper destruction of EHR records.
Different roles for everyone
Many medical offices are operated by a small staff. The risk runs high when you give one person too many credentials. The best EHR practices ensure that data is protected at all levels. People should only have access to the levels they need to complete their jobs. Providers shouldn’t have access to billing. Office admin shouldn’t have access to prescription information. Instead of giving blanket rights, refer to the person who has the right access.
Of course, saying everyone has a different role and knowing the roles are actually divided within your office space are two separate things. To ensure the right people have the right access, usage reports should be created and monitored along the way. This is a great way to check up on your policies. And if you see a problem, regular training can help keep everyone educated and working properly.
And it’ll help you stay on top of HIPAA laws, and avoid potential problems.
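One way to build the usage report described above is to check an exported access log against a role policy. This is an added example, not code from the original post or from any EHR product; the role names, resource names, log columns and sample rows are all assumptions made for illustration.

```python
import csv
import io
from collections import defaultdict

# Assumed policy: role and resource names are hypothetical. The two gaps
# (provider/billing, office_admin/prescription) are the ones named in the text.
ROLE_POLICY = {
    "provider": {"chart", "prescription"},
    "office_admin": {"schedule", "demographics"},
    "biller": {"billing", "demographics"},
}

# Constructed sample of an exported EHR access log (not real data).
SAMPLE_LOG = """\
timestamp,user,role,resource
2024-03-04T09:12:00,dr_lee,provider,chart
2024-03-04T09:15:10,dr_lee,provider,billing
2024-03-04T10:02:41,front_desk1,office_admin,schedule
2024-03-04T10:05:03,front_desk1,office_admin,prescription
2024-03-04T11:30:00,pat_b,biller,billing
2024-03-04T13:44:19,pat_b,office_admin,schedule
2024-03-04T14:01:55,temp7,intern,chart
"""


def usage_report(log_text, policy=ROLE_POLICY):
    """Return (out-of-role accesses, users seen under more than one role)."""
    out_of_role = []
    roles_by_user = defaultdict(set)
    for row in csv.DictReader(io.StringIO(log_text)):
        user = row["user"].strip()
        role = row["role"].strip().lower()
        resource = row["resource"].strip().lower()
        roles_by_user[user].add(role)
        allowed = policy.get(role)
        if allowed is None:
            # Fail closed: a role missing from the policy is reported, not ignored.
            out_of_role.append((row["timestamp"], user, role, resource, "unknown role"))
        elif resource not in allowed:
            out_of_role.append((row["timestamp"], user, role, resource, "outside role"))
    # One person holding several roles is the "too many credentials" risk.
    multi_role = {u: sorted(r) for u, r in roles_by_user.items() if len(r) > 1}
    return out_of_role, multi_role


if __name__ == "__main__":
    findings, multi_role = usage_report(SAMPLE_LOG)
    for finding in findings:
        print("REVIEW", *finding)
    for user, roles in multi_role.items():
        print("MULTI-ROLE", user, ",".join(roles))
```

Each flagged row is a prompt for review or training, not proof of misuse; the policy table should mirror how duties are really split in the office.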
For IT Strategy, Cloud Conversion, or Help Desk Services, reach out to us at Silver Linings Technology at 360-450-4759.