Protecting Your Patient's Data
The data of a medical practice is only as safe as its weakest component of software, hardware or IT service provider. Many cyber attacks have been easily carried out due to practices not doing something as simple as updating their server software. For a hacker, this is the equivalent of leaving your key in the front door of your office.
All of your hardware and software should be properly maintained, and software updates should always be completed in a timely manner. You need to review data security risks regularly and take steps to introduce protection strategies. These might include advanced messaging solutions to help detect phishing scams, top of the range Firewall and breach detection systems, and regular back-ups that mean you will be able to retrieve data faster if your system is compromised.
However, securing your data is not just about ensuring your own practice software and IT infrastructure is up to standard. Practices also need to conduct appropriate due diligence regarding IT security policies and practices in place for all vendors coming into contact with their practice software or patient data. When selecting an outsourced medical transcription or medical billing company, the key questions you should be asking any third party vendor that comes into contact with your patient information are:
If the vendor stores data is it in a secure data center and is that data center located in the United States?
At what intervals does the vendor perform daily backups? (The more frequent the backups, the less data loss the practice will experience in the case of an IT breach or failure)
How are the backups stored? Are they in the same location as the server or in an alternate location? (Storage of backups in a single location are more vulnerable to loss)
How often is your vendor’s backup data tested for its ability to be restored? Have these tests been successful?
Are the vendor’s backups encrypted to protect unauthorized access to the data?
Does the vendor have a competent IT manager who is well versed in data security and protection?
Who is accessing your data whilst working for the vendor? Are the staff of the vendor located in the US or is your patient information being viewed by staff in overseas locations?
What security measures does the vendor have in place to protect your patients’ data?
It is essential that you conduct due diligence of all third party companies that you do business with, including outsourced billing companies and outsourced transcription companies. It is also essential you develop and maintain policies and procedures around data protection, and to ensure your staff is trained appropriately. All practice staff, including doctors and administrative staff, should err on the side of caution when opening emails containing attachments. They should also be kept aware of common phishing emails, as well as emails purporting to have attachments regarding tax refunds or other financial information. Fraudulent emails look legitimate on the surface but carry viruses in their attachments.
At EMMG, we are committed to providing quality, customized services at an affordable cost.
Our goal of meeting or exceeding client expectations will remain at the core of our business philosophy as we continually strive for improvement in the efficiency, economy, and effectiveness of planned work services. Quality is not something that "just happens." It is a state of being that must be achieved through vision, dedication, and consistent practice.
For more information on our unique services and packages click here or give us a call at 516-338-5300. Our dedicated team will be happy to answer any questions you may have.