BCS: Helping business clients with opportunities and through crises since 1995

Preventing a data breach at your medical office

A data breach at your medical office isn’t just inconvenient or troublesome — it’s a potential source of major legal problems. The Health Information Technology for Economic and Clinical Health (HITECH) Act requires data breaches that affect 500 or more patients to be reported to the authorities. You can also be subjected to lawsuits and fines.

It’s only smart, then, to do what you can to prevent one. Since most data breaches start with lax security, here’s what you should do:

  1. Do a risk assessment on your computer system. These days, any business could be remiss if it isn’t periodically taking a look at its vulnerable points.
  2. Invest in encryption technology. If your data is properly encrypted, its loss isn’t considered an actual data breach, so good technology can be a saving grace.
  3. Make use of sub-networks. Do you have a patient portal? Putting it on a sub-network that allows patients to contact you but doesn’t unduly expose their private information can help keep data safer.
  4. Look at your service-level agreements with your cloud service providers. If you store any kind of data on the cloud, you want to make sure that you retain ownership of that data and privacy rights.
  5. Update your business associate agreements. As regulations regarding information privacy and electronic data change, make sure that your business agreements reflect those changes.
  6. Make sure that business associates hold up their end. Your contractors and other business associates should also do risk assessments and provide their own data security measures.
  7. Provide ongoing education to your employees. The Health Insurance Portability and Accountability Act of 1996 (HIPAA) requires health care workers to protect patient information and privacy. Strive for a culture of integrity and responsibility that encourages employees to adhere strictly to the rules.
  8. Teach employees to monitor their electronic equipment. All it takes is a computer that’s left unattended while someone runs for coffee to create a breach.

Despite your best efforts, data breaches may still happen. If they do, find out how experienced legal counsel may benefit you moving forward.