The past year and a half has redefined the healthcare industry. Not only have hospitals and practices quickly adapted to an emergency pandemic and a heavy demand for telehealth, they’ve also seen an increase in cyberattacks. These have placed medical organizations on high alert to review their network security, as well as their patient data and the vendors who collect it. According to a recent article in Forbes, “The number of hacking incidents reported in healthcare climbed for the fifth straight year in 2020 … [comprising] more than half of all last year’s patient data breaches — 62% — up from 2019.”
Evaluating your vendors and security systems is paramount to protecting data from these increased ransomware and malware attacks. But an often overlooked part of that process is the training your staff needs on the physical safeguards they should also be using. If you aren’t sure what those are, here’s a good place to start.
Do you rely on flash drives or mobile devices to share and review data? Make sure to lock those up when they aren’t being used, both while you’re at work and when you leave for the day. Taking them outside of the office not only risks a breach in compliance, it also increases the chances for that equipment to be stolen, as was the case for this unencrypted laptop.
Remind staff not to use the same password for all of their devices, and don’t be like more than half of surveyed workers who write them down on sticky notes. Even if your team trusts each other, there’s always the chance that someone will take advantage of another’s access and leave them footing the bill in damages. If they juggle a lot of passwords between different programs, have them use a password manager that stores and encrypts them online for convenient access. Some to consider include LastPass, Dashlane, Bitwarden, or 1Password, among others.
Institute keycard access for sensitive areas and avoid holding the door for tailgaters, as this easily defeats the purpose of this physical safeguard.
Have a lot of hard-copy paperwork? Consider housing it in a secure, offsite location. This allows you to maintain HIPAA compliance for file retention while protecting those documents from damage that could be caused by an on-site fire or natural disaster.
When it’s time to dispose of those hard copies, make sure to shred them first. Contracting with a document disposal service can certainly be helpful, but keep in mind that locked trash bins still have the potential to be accessed between the time you drop a file in them and the time that the disposal service arrives. Shredded papers won’t give thieves much to leverage, especially when they’re all mixed together.
Disposal of Hardware
Getting rid of computers, mobile devices, or digital copiers? Make sure to use software that wipes all patient data from them first. Simply sending a file or folder to the trash bin doesn’t automatically delete it. And you may also find it necessary under HIPAA to destroy those media once they’ve been wiped.
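To make the point above concrete, here is an added example (not code from the original post or from TriageLogic) that simulates a small disk image, shows that "deleting" a record leaves its bytes in place, then zero-fills the image and verifies the result. The image layout, the `DIR:` entry format and the sample patient record are all constructed for the demonstration; the only real mechanism is the read-back check after overwriting.

```python
import os
import re
import tempfile

BLOCK = 512
DIR_ENTRY = b"DIR:record.txt@8"  # constructed directory entry: name and data block
# Constructed sample record with a made-up name and MRN; not real data.
SAMPLE_RECORD = b"PATIENT: Jane Doe | MRN: 000-TEST-123 | DX: example"


def make_image(path, blocks=64):
    """Build a toy disk image: block 0 holds a 'directory', data lives in block 8."""
    with open(path, "wb") as f:
        f.write(b"\x00" * BLOCK * blocks)
    with open(path, "r+b") as f:
        f.seek(8 * BLOCK)
        f.write(SAMPLE_RECORD)
        f.seek(0)
        f.write(DIR_ENTRY)


def trash_file(path):
    """Mimic 'send to trash': only the directory entry is cleared, the data block is not."""
    with open(path, "r+b") as f:
        f.seek(0)
        f.write(b"\x00" * len(DIR_ENTRY))


def residual_records(path, pattern=rb"MRN:\s*[0-9A-Z-]+"):
    """Carve the raw image for PHI-looking strings, ignoring any file system metadata."""
    with open(path, "rb") as f:
        data = f.read()
    return [m.group(0).decode() for m in re.finditer(pattern, data)]


def zero_fill(path, passes=1):
    """Overwrite every block with zeros, then flush and fsync so the write reaches the medium."""
    size = os.path.getsize(path)
    with open(path, "r+b") as f:
        for _ in range(passes):
            f.seek(0)
            remaining = size
            while remaining:
                n = min(BLOCK, remaining)
                f.write(b"\x00" * n)
                remaining -= n
            f.flush()
            os.fsync(f.fileno())


def is_zeroed(path):
    """Read back every byte and confirm nothing survives; this is the acceptance check."""
    with open(path, "rb") as f:
        while True:
            chunk = f.read(1 << 20)
            if not chunk:
                return True
            if chunk.count(0) != len(chunk):
                return False


def demo():
    """Returns (records found after 'delete', records found after wipe, wipe verified)."""
    img = os.path.join(tempfile.mkdtemp(), "disk.img")
    make_image(img)
    trash_file(img)
    before = residual_records(img)   # the record is still carvable after 'delete'
    zero_fill(img)
    after = residual_records(img)    # nothing left to carve
    return before, after, is_zeroed(img)


if __name__ == "__main__":
    print(demo())
```

The read-back step is the part worth keeping in a real disposal procedure: a wipe that is not verified is a wipe you are taking on faith. Note that overwriting sectors is only reliable on media that writes where it is told to; flash storage with wear leveling and spare blocks can retain data outside the addresses you overwrote, which is one reason the paragraph above mentions destroying the media after wiping.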
Use multi-factor authentication to log into your user accounts and file sharing services. This reduces the chances that an outside intruder will be able to hack your credentials and gain access to more (or all) of your network.
Train everyone on your staff about these physical safeguards. Even employees who can’t review sensitive patient or company information should still be aware of corporate policies on how that data should be managed — and how to respond to a potential breach in security. For more on what that includes, review the FTC’s guidelines.
TriageLogic knows how important it is to keep patient information confidential. We’ve invested heavily in our nurse triage software and its ability to integrate seamlessly with respective EHRs in doctors’ offices, clinics, hospitals, and other healthcare organizations. The same goes for how we manage our own in-house documentation, as well as the training we provide our RNs and nonclinical staff who handle it. If you need help with telehealth nurse triage, telehealth appointment-setting, or nurses to manage data for remote patient monitoring, please contact us here. We’d also be happy to share the physical safeguards we use to keep those services secure.
TriageLogic is a URAC-accredited, physician-led provider of top-quality nurse telehealth technology, remote patient monitoring, and medical call center solutions. Founded in 2007, the TriageLogic Group now serves more than 9,000 physicians and covers over 25 million lives nationwide.