In light of recent events, it’s important to validate that your practice ensures that logins, data and patient information are kept safe and secure. Below are some ways to check if the practice is doing just that.
1. Keep individual logins. It’s time-consuming, but providing dedicated, secure access to each person who requires entry can make a huge difference. Use your admin logins to provide individual access to those who need it, so that login information isn’t shared.
2. Don’t save passwords on internet-based websites. In an effort to make things easier for the end user, internet browsers offer to save a username and password so that they are filled in the next time the user visits that website. When individual logins are provided, make sure to communicate to those who will be using the logins that they are not to save the passwords through their browser, as this can be an easy way for hackers to enter your systems without the practice being aware.
3. When multifactor authentication (MFA) is an option, use it. MFA can be a time suck, but think of how much of a time suck a data breach would be. MFA is a great way to ensure the actual user is the person entering the system by setting up a second form of verification. This can be a text message to that user’s cell phone or a code in that user’s authenticator app.
4. Use “update password” thresholds. If your practice management system or websites are equipped, ensure that users are required to change their passwords at a set cadence, such as monthly. This mitigates the ability of a potential hacker to continue using an obtained password for a long period of time.
5. Don’t send protected health information (PHI) by email and obtain an encrypted email service. Email is a great way for hackers to procure access to patient data. For that reason, don’t send PHI via email. Instead, invest in an email encryption service so that patients’ information is protected.
6. Use encrypted websites to transfer data back and forth. If it is necessary to transfer PHI back and forth via a website, ensure that the website is encrypted and HIPAA compliant.
7. Be mindful of the shared information provided on websites your practice is using. When granting access to individuals for certain websites, make sure you are aware of all the information they will have access to. There may be another, more restricted, website that can give that person the information they need without providing too much.
Remember that a few minutes on the front end to keep patient data safe can save you valuable time and resources on the back end should a breach occur.
Reach out to the HELIX team with any other billing questions you have at this link; we might have the solution for you.