For nearly 20 years, HIPAA has existed to keep patient information safe. But as we move further and further into a technologically driven world, the simple rules of HIPAA may not be enough to keep patients’ medical records and data safe. In a 2014 survey, 90% of medical institutions reported a data breach, with some reporting as many as five separate data breaches.
Patient satisfaction is an important element of healthcare. And as more stories crop up about hackers stealing data—not just from hospitals, but from insurance companies and retailers—people are becoming more serious about data security with each passing day. Are you doing everything you can?
The Affordable Care Act
The ACA has drawn criticism for a number of reasons, but one of the major reasons related to data security is its requirement of Electronic Health Records (EHRs, sometimes called Electronic Medical Records, or EMRs). The idea makes sense: as we become more reliant on technology, it becomes easier to compile records electronically than to continue stuffing filing cabinets full of paperwork. These EHRs are also meant to provide data to improve patient care—and can even help hospitals more fluidly close open accounts receivable.
But many medical care providers are concerned about the vulnerability that these electronic files introduce. Because many of these files are stored in the cloud or in less-than-secure databases, hackers and other data miners may have easier access to patient information. One of the major concerns isn’t necessarily the technology itself. Rather, employee negligence could leave gaping holes in security that let hackers walk right in. Proper training can make all the difference.
Proper Data Protection
The survey noted above actually found that data breaches at hospitals were down in 2014 compared with previous years, but that’s not a sign that your data security measures are fine. Rather, it’s even more important now to shore up any protection you already have in place.
- Make sure all computer systems require password authentication and log out automatically after a set amount of time.
- Keep antivirus software up to date, and update other software as necessary to provide patches for potential weak spots.
- Enable encryption and firewall protection for any electronic data stored onsite.
- Ensure any cloud data storage services utilize the highest security available and are HIPAA and HITECH compliant.
Obviously, any vendors or partners a hospital uses for any purpose are also responsible for maintaining HIPAA and HITECH compliance. For accounts receivable partners, it’s even more important that they have the best security practices in place. Medical records have a very high value on the black market. To keep your patients’ data safe—and keep them satisfied—it’s important to vet any potential partner’s security standards. For example, do they encrypt emails they send to patients? What kind of data center do they utilize? How do they perform backups, and are the backups kept secure in a similar way?
Data safety is something we take very seriously at HCM. If you would like to hear more about how we keep your patients’ information safe while helping you efficiently close the revenue cycle, contact us today.