877.334.8512 |      

EHR and practice management for mental / behavioral health

What is Your Biggest Threat to Security?

by Donna Koger, 6.19.18

We have all heard that Healthcare is the most common target for hackers. Why? Because the PHI maintained by the Healthcare Industry contains more personal information than any other targets, such as the Financial Industry and Retail companies (Target stores are a good example). So what is your greatest threat and how can you guard against data breaches?

How to Prevent a Data Breach

According to HITECH Answers, “Healthcare is the only industry in which internal actors [or insiders] are the biggest threat to an organization. Often they are driven by financial gain, such as tax fraud or opening lines of credit with stolen information (48 percent); fun or curiosity in looking up the personal records of celebrities or family members (31 percent); or simply convenience (10 percent).”

Insiders are your employees, including administrative and medical care professionals, who need specific training on HIPAA compliance and constant supervision. There are also ways to protect your networks from unauthorized access to PHI, such as effective firewalls and device encryption. (Read: Encryption-What Are You Waiting For?)

One problem, surprisingly, is that even in this day and age, there is still widespread use of paper that contains PHI where, “…sensitive data [is]being mis-delivered (20 percent), thrown away without shredding (15 percent), and even lost (8 percent).”  In these cases, it is the responsibility of management to assure paper is appropriately used and destroyed when necessary. Of course, the ideal answer is to utilize electronic health records software that does not require paper, especially when using fax and copy machines. (Read: Faxing Your Way to HIPAA Violations)

How to Manage Phishing and Ransomware

Other common insider problems are phishing and ransomware where insiders click on dangerous email links.

Today, the “Internet of Things” (iot), which is the use of many different types of devices on the internet, is an ever growing problem. If your employees are using cell phones, laptops, ipads and other devices besides a computer to access your PHI, the insiders need to be specifically trained on ways to prevent unauthorized access. One of the best solutions on devices is encryption.

Fortunately, PIMSY EHR has several methods for protecting against deliberate insider tampering or other inappropriate access to PHI. These are some of the protections included in PIMSY:

PIMSY Security

There are several ways in which PIMSY keeps your data safe. Most features that involve PIMSY security are in the System Settings. These settings are:

Setting #

Setting Name

Description

-1

Login Attempts

Number of times a user can unsuccessfully attempt to log into PIMSY

-2

Auto Logoff Time

Length of time after inactivity for the application to log out. There is also a button on the main menu for users to Log Out any time.

-53

User Password Validation

Force secure passwords; copy/paste the example in the Default Description into the Your Value box:  ^\w*(?=\w*\d)(?=\w*[a-z])(?=\w*[A-Z])\w*$

-92

Prohibit users from viewing clients assigned to other locations.

Limits areas available in PIMSY to specific users

-95

Prohibit users from viewing clients assigned to other divisions.

Limits areas available in PIMSY to specific users

-283

User Password Change Months

Specify months when all users will be forced to change their password. There is also a checkbox on the User Details window for forcing an individual to change their password on the next login attempt.

Other features that allow PIMSY to be more secure:

  • Unique logins – every user should have a unique username and password
  • Monitor Logins – go to Administration > Audit Management > Login Log

PIMSY is also Meaningful Use Certified, which requires vigorous security testing before being approved.

In conclusion, to ensure the proper use and access to PHI in your organization is thorough and annual HIPAA TRAINING for all staff. Insider training is also required for HIPAA compliance. (Read: Will Your Employees Get You Hacked?)

Resource: https://www.hitechanswers.net/insiders-to-blame-for-poor-cybersecurity-in-healthcare/

Donna Koger is the HIPAA and Security Compliance Director of PIMSY EHR

 

Donna Koger is the HIPAA and Security Compliance Director of PIMSY EHR. For more information about electronic solutions for your practice, check out Mental Health Practice Management.

Kudos from Clients

  • Seth H.

    “PIMSY more than pays for itself by streamlining my office, improving efficiency and reducing billing times. I would recommend PIMSY to anyone looking for a good EMR company that will help you implement its program and help you with any questions you have along the way.”

    ~ Seth H., Business Owner

  • Karen B.

    “Love PIMSY! So much quicker to complete notes and easier for everyone working with clients to know current authorizations and track units.”

    ~ Karen B., Therapist

  • Dr. Carmen L.

    “I am extremely appreciative and am so glad I decided to go with PIMSY versus the other options I was considering. I was singing your praises to a colleague of mine today who is feeling overwhelmed with her paper process. I highly recommend all of you.”

    ~ Dr. Carmen L., Program Director

  • Kim T.

    “We are now functioning at a 50% faster recovery rate for money and a 50% lower denial rate. You should really give the PIMSY team time to demonstrate for you personally.”

    ~ Kim T., Business Director

Subscribe To Our Newsletter

Subscribe to the PIMSY newsletter
 
What topics are you most interested in?