With everything that goes into running an optometry practice, data security can sometimes fall through the cracks. Cyber hacking has become such a problem in recent years that it’s necessary to spend some time on this aspect of protection. Just as a security system protects the physical office building, even the most basic data security can keep your patients’ important information safe. Beyond cyber hackers, protection from privacy breaches within the practice is another piece of data security that should be considered.
Since 2009, 1 in 10 people in the country have had their medical records compromised, either through cyber-attacks, data theft, or unauthorized disclosure. There are laws, and frankly, moral standards, that say organizations must notify any affected parties in the event of a breach. The digital world is growing rapidly, and with it, the threat of a cyber-attack. From practice websites to social media accounts, even employees’ personal accounts, there are numerous ways cyber thieves can get hold of private or potentially incriminating information. Things like offensive statements, copyright infringement, or leaked information can all create a host of problems for an optometric practice or any business.
While a security breach can be detrimental to the financial side of the practice, the loss of patients’ trust is much worse in terms of reputation and future growth. Unfortunately, practices can be liable for damages even if they’re using a third party to manage their data. That’s why doing your due diligence in researching security options is as important as location or services offered.
What Can You Do Now?
The simplest first step is password protection. Seems like a no-brainer, right? Many recent cases of hacks have been linked to a weak or unencrypted password. There are inexpensive software options that can help keep track of all the practice’s passwords and keep them safe. A few more simple measures a practice can implement to help secure data and reduce liability and cost include:
- Ensure you have a firewall and antivirus software.
- Isolate computers that are used for sensitive applications (e.g. bank deposits) from the rest of the network.
- Some companies, EyePromise included, don’t store patients’ or doctors’ credit card/payment information for security purposes.
- Control access to data and limit the exchange of patient-related information to secure channels.
- Have a data security plan.
  - This should include immediate notification of all affected parties.
- Share the liability by demanding similar protocols from colleagues, suppliers, vendors, and partners, and be sure to check for compliance.
Building a practice is a long and strenuous process. Make sure you protect your hard work from cybersecurity threats by taking the proper precautions listed above and speaking with an IT specialist.
Battersby, Mark E. “Protect Your Practice’s Data from Security Threats.” Healio, Primary Care Optometry News, Jan. 2015, www.healio.com/optometry/practice-management/news/print/primary-care-optometry-news/%7Ba4320bdd-f02f-4165-b4be-091ea7603326%7D/protect-your-practices-data-from-security-threats