Health care records are so valuable that attacks on health information technology (health IT) systems have increased 125% over the last 5 years.1 In fact, stolen patient data can be worth up to 50 times more than a Social Security or credit card number due to the numerous types of fraud that can result from information contained in a medical record.2
Unfortunately, 4 out of 5 health care providers and payer executives say their health IT systems have been compromised by cyberattacks.3
While the Health Information Portability and Accountability Act of 1996 (HIPAA) security rule and the Electronic Health Record (EHR) Meaningful Use/Advancing Care Information program both require physicians to conduct a security risk analysis, good health IT system hygiene goes beyond compliance with government regulation. Moreover, using certified EHR technology means that your EHR has certain security capabilities, but it does not guarantee either legal compliance or robust protection.
Conduct a Checkup
Discover the steps you should take today to improve your cybersecurity practices and implement improved safeguards.
Note: The materials on this page are provided for information purposes only. They are not intended as legal advice and do not guarantee compliance with any state or federal laws or regulations.
- Encrypt and password-protect mobile devices, including cell phones, tablets, and laptops. Fact: Over 5 million smartphones were lost or stolen in 2014.4
- To protect against malicious software ("malware"), ensure that your software, along with your computer and server operating systems, is regularly patched and updated. Fact: As many as 85% of targeted attacks on computers are preventable.5
- Install and update your anti-virus software. Fact: Nearly 1 million new pieces of malware are created each day.6
- Create one Wi-Fi network for your practice and another for your patients (e.g., practice and practice Guest). Use different passwords for each. Fact: Unauthorized access was the leading cause of security incidents in 2015.7
- Create and enforce a workplace policy requiring strong passwords, using a mixture of letters, numbers, and symbols. Fact: It takes automated software under 90 minutes to crack common, simple passwords.8