All healthcare practices need to develop a strong information security program to ensure the security and privacy of their electronic protected health information (ePHI). Even though compliance with the HIPAA Security Rule can seem daunting, it can and must be achieved through a combination of appropriate technology, policies and staff training. Medical identity theft is increasing at an alarming rate. All it takes is a stolen laptop containing unencrypted ePHI to put thousands of patient records at risk. Not securing the ePHI in your practice is a recipe for disaster.
Three things every healthcare practice must do right away to protect patient data:
- Encrypt all ePHI on laptops and other mobile devices like tablets, smartphones and USB drives.
- Secure ePHI stored on computers and servers through strong administrative, physical and technical safeguards. Use encryption if it is appropriate and reasonable.
- Implement a good backup and disaster recovery plan for all your ePHI and all critical line-of-business applications installed on your systems.