What should be understood is that creating a secure cyber-environment is never only about having the best software and technical support. There are things every practice can do right now, at no cost and with no IT background needed. Having the right policies in place, along with training on them and enforcement of them, is just as essential to the security of your practice as having the right anti-virus. The purpose of this article is to focus on the policies every practice should implement to protect its patients.
Create and enforce a good workstation use policy that prohibits employees from using their work computers for personal use. Most cyber-attacks can be traced back to someone clicking through a fake email, opening a suspicious attachment, or visiting an unsecured website. Even as hackers become more and more sophisticated, these deceptive tactics remain their best way into your system. According to a 2020 Statista report, phishing emails accounted for 54% of the reported ransomware attacks.
Enforce proper password management. This means no sharing of passwords, changing passwords on a consistent basis, and creating complex passwords as opposed to a person’s name or birthday. It is also advised that you do NOT write your passwords on a post-it and stick it on your monitor. Everyone has experienced the frustration of not being able to log into a system, but this policy is essential to protecting your system and your patient info.
Always follow HIPAA’s minimum necessary standard. This means ONLY accessing, discussing, or transmitting the absolute minimum amount of patient info that’s needed for treatment.
Always do your due diligence and always have a Business Associate Agreement (B.A.A.) in place. Choosing which vendor to work with, whether it’s an IT company, a medical billing company or a practice management software, is a big decision for a practice and should be treated as such. Do your research and keep an eye out for any red flags, such as a poor web presence or a suspicious history. And if a vendor is not willing to have a business associate agreement, they may not be willing to protect your patient info. Even the biggest organizations have recognized the need for a B.A.A. and have made it easy to find their agreement and keep it on file.
B.A.A. for Microsoft Office 365
Log in to Microsoft Office 365 Administrator Center > Billing > Subscriptions > Optional Privacy and Security Contractual Supplements.
Next, on this page you should see the Office 365 and CRM Online HIPAA/HITech Business Associate Agreement. Check off the box for that agreement, provide your electronic signature, and click Accept.
B.A.A. for Google Workspace
Go to the Security and Privacy Additional Terms within the Administrator Center.
Click Google Workspace/Cloud Identity HIPAA Business Associate Amendment to review the amendment.
Click Review and Accept and answer all three questions to confirm that you are a HIPAA covered entity. To accept the HIPAA B.A.A., click OK.
Have an emergency plan in place. The plan should detail who does what at the practice when faced with different worst-case scenarios like a cyber-breach, loss of data, and even a natural disaster. By having the plan ready before something happens, you can respond as quickly as possible and minimize any damage.
The days of offices lined with file cabinets full of patient records, and of forms going back and forth through USPS, are over. The use of technology has changed the way patients are treated, and new technologies are constantly becoming more popular. As an example, a recent HHS survey found that 1 in 4 individuals have used telehealth services.
While advances in technology have been a huge benefit for practitioners and patients alike, they’ve also resulted in patient privacy and security being more at risk than ever before. What hasn’t changed is that you care about your patients. By approaching any technology with the same care and attention you give to a patient’s treatment, you will continue to protect them.
Rectangle Health, a leading healthcare technology company, empowers medical, dental, and specialty practices with seamless and secure technology to drive revenue by increasing patient payments and streamlining practice management and payment processing. Since 1993, the company’s innovative solutions have reduced administrative burden and rebalanced the ledger for its thousands of healthcare providers in the U.S., reliably processing billions of dollars in payments annually.
Rectangle Health focuses on keeping practices financially healthy so they can prioritize care. The company’s flagship product, Practice Management Bridge®, interfaces with all existing practice management systems. This innovative platform includes features like contactless capabilities, customizable messages, online payments, patient financing, and Text to Pay that digitize payments and engagement for ease.
Headquartered in Valhalla, New York, Rectangle Health has been repeatedly named to the Inc. 5000 list of fastest growing companies.