11 Apr How secure are your medical records?
It seems like we can access just about everything with a touch of a button or a basic voice command. These days, that online convenience is impacting our healthcare. But with some offices advertising patient convenience as innovative customer service, those intentions can place your personal medical information at risk.
The federal law enforces the Health Insurance Portability and Accountability (HIPAA) Act. The Privacy Rule, a Federal law, gives you rights over your health information and sets rules and limits on who can look at and receive your health information. But with many offices going paperless and converting to electronic medical records and cloud storage, it’s good to know your doctor is taking the necessary precautions to keep your information safe. Here are three things to ask about at your next visit.
1. Ask about encrypted data
The Centers for Disease Control and Prevention says almost 87 percent of today’s offices have converted to electronic medical records. With that change comes an increased need to ensure information is secure at all times—not just during transmission. “It’s crucial that you have a system put in place to track where these files go and who has access to them,” says Tim Maliyil. “Without a predetermined way to keep track of them, digital copies can easily get lost in the system.” And that means your personal information could fall into the wrong hands. Fortunately, current cloud technologies like Salesforce offer safeguard measures that automatically encrypt stored data. Also, the software can be customized to select which fields need to be encrypted.
2. Request multi-factor authentication
If you have ever tried to log into your mobile bank website on a different computer, chances are you have already experienced multi-factor authentication (MFA). Your bank likely requested additional security information, or it may have sent an access code to a separate mobile device. The point behind this added step is to ensure that the people accessing this information are the right people. That is why MFA is an important addition to medical data security.
However, in some cases, in an effort to provide more streamlined service, a business won’t require MFA for online access to personal accounts. And that is a misguided strategy. “If a business you interact with regularly, say your health organization, wants to provide you with convenient online access to health records, test results, and invoices, but only offers a password as a way to protect that data, consider saying: ‘no thanks, not until you provide MFA to secure my information,’” says the National Institute of Standards and Technology.
3. Look for human error
If you really want to determine how secure your medical information may be, listen to the goings-on in the office. In some cases, the carelessness of employees will trump the most advanced computer system.
For example, do you hear employees discussing the details of a patient’s case? How does the staff handle patient files? “We understand the importance of confidentiality and HIPAA compliance for healthcare facilities,” said Ryan Westwood, CEO of Simplus. “And we have designed many systems that ensure those secured measures. But the most advanced design can’t counter the habits of a physician who accesses a patient’s file on a home computer, for example, or a nurse who leaves a patient’s file in the exam room when ushering in a new patient.”
Along with updating a facility’s computer system, the Simplus team also encourages management to integrate new pathways for handling electronic medical files and office practices. There are federal laws in place to protect your health and medical records. But a little common sense goes a long way to ensure that information stays secure. “If you access your health records online, make sure you use a strong password and keep it secret,” says the Office of Health Information Technology.
By making sure your healthcare provider uses these precautions, such as encrypting data, using multi-factor authentication, and adjusting office practices to support confidentiality, your personal information can remain just that—personal.
Contact Simplus for a partner in secure cloud storage integration today.