Practice Management Software And Cybersecurity

When it comes to practice management software, it's not enough to just install anti-malware or anti-virus protection and call it good. You must remain vigilant and proactive when it comes to cybersecurity.

Cyber security is more than overseeing the installation of software into your EHR or practice management software. It's about protecting all aspects of a healthcare practice and relies on employees, medical and non-medical staff, policies and procedures, and most especially, attention to detail when it comes to using of devices inside and outside of the practice environment. 

What exactly is meant by cyber security? According to HealthIT.gov, Cybersecurity refers to ways to prevent, detect, and respond to attacks or unauthorized access to a computer system and its information.

Cybersecurity is the responsibility of all

Cybersecurity is the responsibility of everyone involved in the practice environment. Some regulations and government guidelines for increasing security of protected health information have been published:

• Executive Order 13636 (Improving Critical Infrastructure Cybersecurity)
• Framework Improving Critical Infrastructure Cybersecurity
• Security risk assessment tools
• Cybersecurity training "games."
• Resources and information regarding mobile devices and privacy and security
• Practice management security continues to be compromised.

One of the keys to reducing the risk of attacks, hacks, and theft of protected health information (PHI) is to be proactive. Does your practice have a contingency plan in the event of a breach? What are the steps your employees are required to take in the event of a cyber-attack?

In 2015, cyber-attacks cost approximately $6 billion, and these attacks continue to increase. According to a study conducted by a security research/consulting firm, the average cost of a data breach for hospitals hovers around $2 million.

While it is not known for certain exactly what hackers are doing with stolen medical information, it is known that much of it ends up on the "Dark Web." While it's not exactly like stealing credit card information, information culled from patient records has been used to develop a new brand of identity theft. 

Why would a hacker or thief want a medical record? Because it contains valuable information:

• Patient's social security number
• Health insurance identification numbers used to create fraudulent insurance claims and can also be sold to a person desiring free healthcare for medical services.
• Patient contact information
• Physician’s name, potential contact information, ID data

Fraud is fraud. In fact, tax fraud is one of the benefits hackers seek from the theft of medical records. According to one source, the price for a healthcare record can be as high as 60 times over the information culled from "traditional" credit card theft.[4] Why? The type of information used:

• Name
• Social Security number
• Birthdate
• Home address
• Employment information

Patients and healthcare providers have long complained about the use of Social Security numbers as a form of patient identification when it comes to medical records – as traditional with practice management software of the past. Increasing numbers of patients are refusing to provide their Social Security numbers, with varying degrees of success, to their physicians.

This leads to the recommendation that physician practices utilize other patient identifier data rather than Social Security numbers, which not only serves to protect the patient but the medical entity against a potential breach.

Continue