So, you upgraded from a local onsite solution to the Cloud. That’s great! However, just because you made the transition to go digital, it doesn’t mean that you don’t have to be cautious about how you manage patient records. While your package can no longer get lost in the mail, you are still vulnerable. Here’s what you need to know.
You might think that upgrading to a digitized solution to manage your medical images and records gets all of your HIPAA bases covered. That thinking is highly flawed. In fact, while HIPAA violation fines related to tangible mistakes like mailing errors have gone down in the past years due to practices migrating to the Cloud, the incidence of hacks has gone up. Well, guess what? That’s a breach of PHI and could get you a hefty penalty from your favorite privacy and security provision. Actually, now that GDPR is live, those regulations have become even more stringent.
Why Is This Happening?
Don’t get caught up on the word “hack”. The violation doesn’t have to come from a malicious digital break-in. Computer viruses and IT incidents have the potential to compromise protected health information too. While we can’t really speak for why criminals would choose to target hospitals and compromise protected health information, we can shed some light on the latter.
First, if you are still retaining your backups on your computer or viewing station, you should reconsider this approach. You could be visiting a site for an ICD-10 code, and your computer could catch a virus. While a good deal of work has gone into making macOS resilient to viruses, it is not immune, and the issues are exacerbated on other PCs. In this case, the best thing you can do is talk to your in-house IT department about the measures you can take to protect yourself. Don’t have an in-house IT department? Contact your PACS administrator.
We tend to think that the Cloud makes it impossible to lose our records and imaging information. That’s not entirely true, and it has nothing to do with the software. It has everything to do with human error. When was the last time you changed your password? In fact, do multiple users at your practice use the same username and/or password? Usernames and passwords are the gating factors in the majority of “IT Incidents” reported in HIPAA violations. If you don’t already have one in place, set up a plan with your IT department that ensures your passwords are strong. Want to double up on your measures? Change out your password every 30 days.
Despite the best efforts to build impenetrable digital solutions, human error and behavioral factors are big contributors to security risks and can really get you in some trouble with your local compliance if you are not careful. Here’s the take-home message: talk to your IT department (or PACS administrator) today about the measures you are taking, and what could be improved to ensure that your solution is not vulnerable to hacks, “incidents” or otherwise.