Any firm, organization or medical practice that handles Protected Health Information (PHI) is bound by the laws and regulations set forth in the Health Insurance Portability and Accountability Act of 1996 (HIPAA). PHI includes all paper and electronic patient records, and the rules are designed to restrict access to PHI to those parties who are authorized to see it. Security measures can be as simple as locking paper files in a cabinet overnight, or as involved as encrypting every digital patient record. Beyond data, medical facilities must also prepare against theft and other crime, since both prescription medications and expensive equipment are kept on site.
If your organization is bound by HIPAA, or if you simply want to protect your facility, business and staff, here are some security basics you should consider implementing.
Security Basics for Medical Centers
- Access Control: Installing a key card or fob system to restrict movement within the building is a straightforward way to limit access to authorized parties. Done properly, an administrative assistant cannot wander into the pharmacy stockroom, and a delivery driver cannot walk behind the front desk to read a file. Limiting access to appropriate personnel greatly reduces your risk, and also narrows the list of people who could have been involved should a breach occur. Issue each person their own credential rather than a shared one, and revoke credentials promptly when staff leave, so that the access log actually tells you who went where.
- Visitor Management: Knowing who is in your facility at all times is crucial to the safety and security of your staff and patients. Whether through electronic sign-ins, ID checks, or pre-registration procedures, managing the flow of visitors is an important security measure. Bag checks, video surveillance and metal detectors may also be prudent depending on the nature of your facility.
- Strong Password Protocols and Log-In Procedures: Strong password protocols are a must for any organization these days, and they are one of the top security basics for medical practices held to HIPAA standards. Passwords should be long, unique to each system and not guessable (no personal information, common words or well-known passwords), and should be changed whenever there is any reason to think they have been exposed. Forcing a change on a fixed schedule is no longer recommended by NIST (SP 800-63B), since it mainly produces predictable variations of the old password. Where the records system supports it, require a second factor at log-in. Your staff should also be trained to lock their screen or log out of any records management application when they walk away from their desk, and workstations should lock automatically after a short idle period, so unauthorized personnel cannot see medical records, files, invoices, test results, or any other protected health information.
- Install and Maintain Anti-Virus Software: Cyber criminals are getting more persistent, and cyber crime was projected to cost organizations upwards of $2 trillion in 2019, a four-fold increase over 2015 (source: Juniper Research). Small businesses are not safe either: the majority of breaches affect small to medium-sized businesses. So what to do? In addition to strong user credentials, install anti-virus and anti-malware software and firewalls on every workstation and server. Keep these, and the operating system and applications they protect, patched and updated, because attackers constantly find new ways into your systems and an unpatched, publicly known vulnerability is one of the easiest.
- Employ Encryption: Wireless routers make it easy for your office staff to reach data from devices across the office, and just as easy for someone in the next office or the parking lot to try the same. Configure the wireless network with WPA2 or WPA3 and a strong passphrase, and make sure all PHI is encrypted as it travels across the network (for example over TLS between workstations and the records server), so that no one without the decryption key can read it. Encrypt PHI at rest on laptops and portable drives as well, since a lost or stolen device is a common source of reported breaches.
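As an added example (not code from the original post or from Alliance IT), here is how the password rules in the list above can be enforced by the records system rather than left to training: a Go function that rejects short passwords, entries on a common-password blocklist, passwords made of one repeated character, and anything containing facts from the user's own profile. The blocklist, the sample user facts and the minimum length are constructed for illustration; a real deployment would load a large breached-password list and take the facts from the user directory.

```go
package main

import (
	"fmt"
	"strings"
)

// Constructed sample blocklist. In practice load a large list of
// breached or top-N common passwords instead of this handful.
var commonPasswords = map[string]bool{
	"password": true, "123456": true, "qwerty": true, "letmein": true,
	"welcome": true, "admin": true, "password1": true,
}

// Assumed policy value: NIST SP 800-63B requires at least 8 characters;
// 12 is a reasonable floor when a second factor is not available.
const minLength = 12

// CheckPassword returns the reasons a candidate password is rejected, or
// an empty slice if it is acceptable. userFacts holds strings from the
// user's profile (name, username, birth year, practice name) that must
// not appear anywhere in the password. Composition rules (digits,
// symbols) are deliberately not enforced; length and blocklists do more.
func CheckPassword(pw string, userFacts []string) []string {
	var problems []string
	if len([]rune(pw)) < minLength {
		problems = append(problems, fmt.Sprintf("shorter than %d characters", minLength))
	}
	lower := strings.ToLower(pw)
	// Catch "Password1!" style variants by stripping trailing digits/punctuation.
	stripped := strings.TrimRight(lower, "0123456789!@#$%^&*.")
	if commonPasswords[lower] || commonPasswords[stripped] {
		problems = append(problems, "on the common-password blocklist")
	}
	for _, fact := range userFacts {
		f := strings.ToLower(strings.TrimSpace(fact))
		if len(f) >= 3 && strings.Contains(lower, f) {
			problems = append(problems, "contains personal information: "+fact)
		}
	}
	if allSame(lower) {
		problems = append(problems, "single repeated character")
	}
	return problems
}

// allSame reports whether every rune in s is identical (e.g. "aaaaaaaaaaaa").
func allSame(s string) bool {
	runes := []rune(s)
	for _, r := range runes {
		if r != runes[0] {
			return false
		}
	}
	return len(runes) > 0
}

func main() {
	// Constructed sample profile facts for a hypothetical user.
	facts := []string{"Smith", "1985", "jsmith"}
	for _, pw := range []string{"password1", "Smith1985-Clinic!", "correct horse battery staple"} {
		fmt.Printf("%q -> %v\n", pw, CheckPassword(pw, facts))
	}
}
```

The check runs at password creation and at login, and a rejection message should say which rule failed so the user can fix it. The blocklist lookup is exact (after lower-casing and stripping a trailing digit or symbol), which is cheap enough to run against a list of millions of entries.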
These security basics are only the beginning for a medical practice looking to protect its resources, data and personnel effectively. If you would like advice on implementing these measures, or want to discuss more sophisticated ways to protect your digital processes, call Alliance IT. Our team of experts deals with security issues every day and can offer up-to-date solutions for both physical access and computing concerns.