September 2, 2020
HIPAA Compliance: Addressing Cybersecurity at Medical Facilities
Treating patients is the first concern of every medical practice, but what comes next? In recent years, protecting not only patients but also staff has been a growing concern for large acute care facilities as well as small practices. Dedicated focus on patient safety and staff hygiene has never been more important than it is now, but are there other concerns that are being deprioritized while we sanitize surfaces?
One threat, like many of the illnesses and viruses medical facilities fight every day, is invisible and just as hard to detect: the threat of cyber attacks. When surveyed by the American Medical Association (AMA), 83% of physicians said they have experienced some kind of cyber attack. Protecting your network is challenging, but understanding why your network needs protection is an important first step in evaluating the solutions and understanding the threats to your practice.
Let’s start with a term every medical professional is all too familiar with: HIPAA, or the Health Insurance Portability and Accountability Act. Medical facilities have a duty to protect patient data and keep protected health information (PHI) secure. Cybersecurity incidents that affect PHI can result in audits and HIPAA fines. Depending on the incident and your level of compliance, penalties can cost between $100-$50,000 per violation or per record – not to mention the loss of trust in your practice and the criminal charges that could result in jail time.
Are you properly protecting your digital medical records and patient data?
Digitizing medical records was a huge step in productivity for medical practices; however, it also opened new doors of opportunity for hackers to gain access to your patient information.
Understanding the capabilities of your existing network systems is an important part of your cybersecurity and data safety evaluation.
One of the first steps to protecting your practice is implementing the standard firewall and anti-malware software provided by your internet service provider. Some questions to consider:
- Are you protecting your practice with a standard firewall provided by your internet service provider?
- How often is your anti-virus software updated?
- Who is regulating what a firewall allows and what it doesn’t?
Protecting the security of your digital records is critical to protecting your patient data.
How are you monitoring your Wi-Fi?
Often, one of the first things patients look for in a waiting room is a sign explaining how they can access your guest Wi-Fi. Even if the wait is five minutes, many will still connect.
Once they access that network, can you limit how they use it? Is it easy for them to access? Is there a splash page that records some kind of information as they join?
Unfettered guest access can limit your productivity when your guests are using most of your bandwidth. Additionally, they can put your entire system at risk if they are visiting dangerous or illegal sites.
You can practice perfect cyber hygiene, but just like with a virus, an outsider can bring an infection into your facility with them.
Are your employees exposed to phishing attacks?
Sharing information between practices and specialists is a key part of the patient care cycle. This communication can mean faster results for your patient, but it can also mean a greater risk of phishing attacks.
Your employees receive emails from a variety of sources every day. How many of these have dangerous links in them? How many requests for patient information are they handling every day?
Network protection is about good cyber hygiene as much as it’s about the technology, and there are solutions available that help minimize the risk of your employees opening dangerous emails.
Protect your medical practice from cyber threats
One of the biggest mistakes you can make is to think your facility isn’t big enough to be a target for cyber criminals. In many cases, attacks are automated and don’t rely on research ahead of time. Attackers simply look for openings, and they might just find one in your network if it isn’t protected.
Large acute care facilities have teams of cybersecurity experts working to protect their data. However, smaller practices can be just as safe. Start answering some of the questions posed in this blog and evaluate just how secure your patient information is now, and whether you need to take further steps to avoid a breach in the future.