Sadly, the Internet is full of folks looking to steal your personal information, and while most people probably are keenly aware of the need to protect their Social Security numbers (SSNs) and credit card accounts, many don’t realize that their medical identities also are vulnerable to hackers. According to NBC News, the Ponemon Institute estimates more than 2.3 million adult Americans have either been the victim of or know someone who has been a victim of medical identity theft during or before 2014. Even scarier? The institute’s fifth annual survey revealed that medical identity theft rose by 22% in 2014—and that rate shows no signs of slowing down. Forbes reports that in this year alone, three major health insurers—Anthem, Premera, and CareFirst—were hacked. These major data breaches exposed tens of millions of patient records, leaving those patients at risk for medical identity theft.
Using stolen patient information, criminals can fraudulently receive medical care—inherently altering victims’ medical records and racking up costly medical bills in those patients’ names. If you’re a medical provider, the responsibility of preventing data breaches—and the legal and financial consequences of failing to do so—is on you. But you aren’t in this fight alone. Here are several ways top-notch cloud-based EMR systems keep your patient data safe:
1. Bank-level security encryption
An industry standard, bank-level security encryption scrambles up your information (sort of like my breakfast this morning), so you can safely transmit it over the Internet. It does so using a cipher (i.e., an encryption algorithm) and a cipher key over a 256-bit or better Secure Sockets Layer (SSL) connection. Furthermore, as this resource explains, “Data transmitted over an SSL connection cannot be tampered with or forged without the two parties becoming immediately aware of the tampering.”
2. Password guidelines
Password-protected access is a given for any technology company worth its salt, but your EMR also should have strict password guidelines to better protect your patient data. For extra security, look for the TRUSTe Certified Privacy badge on your EMR vendor’s website. To earn the privilege of displaying that badge, the EMR must:
- employ strict password guidelines that ensure complete login security, and
- feature unique password-protected access to ensure HIPAA compliance.
3. Automatic data backups
When was the last time you backed up your data? (Insert cricket noises.) Yeah, that’s what I thought. Not to worry: your EMR has your back. Armed with automatic data backups—with multiple replication processes to boot—your EMR will never lose your all-important patient data, even if you lose power or Internet connection.
4. An audit trail
This special feature helps discourage hackers—and fraud in general—by tracking user activity (criminals don’t want to get caught, after all). So long as providers keep it turned on, an audit trail maintains a chronological record of all attempts to access patient data. It records the data accessed, who accessed it, and when and from where it was accessed.
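As an added illustration (not code from any EMR vendor or from the original article), here is a minimal audit trail that records who accessed which record, when, and from where. It goes one step beyond the description above by chaining each row to the previous one with a hash so that edited, removed, or reordered entries are detectable. The field names, the chaining scheme, and the sample events are all assumptions made for the example.

```python
import hashlib
import json

GENESIS = "0" * 64  # chain anchor used as prev_hash for the first row


def _digest(entry: dict, prev_hash: str) -> str:
    # Canonical JSON so the same entry always produces the same hash.
    payload = json.dumps(entry, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256((prev_hash + payload).encode("utf-8")).hexdigest()


def append_event(trail: list, user: str, record_id: str, action: str,
                 source_ip: str, timestamp: str, allowed: bool) -> dict:
    """Append one access attempt (who, what, when, from where) to the trail."""
    entry = {
        "user": user, "record_id": record_id, "action": action,
        "source_ip": source_ip, "timestamp": timestamp, "allowed": allowed,
    }
    prev_hash = trail[-1]["hash"] if trail else GENESIS
    row = {"entry": entry, "prev_hash": prev_hash, "hash": _digest(entry, prev_hash)}
    trail.append(row)
    return row


def verify_trail(trail: list) -> int:
    """Return -1 if the chain is intact, else the index of the first bad row."""
    prev_hash, prev_ts = GENESIS, ""
    for i, row in enumerate(trail):
        ts = row["entry"]["timestamp"]
        if (row["prev_hash"] != prev_hash
                or row["hash"] != _digest(row["entry"], prev_hash)
                or ts < prev_ts):  # ISO 8601 UTC strings sort chronologically
            return i
        prev_hash, prev_ts = row["hash"], ts
    return -1


def build_sample_trail() -> list:
    # Constructed sample events; users, record IDs and addresses are made up.
    trail = []
    append_event(trail, "pt_jones", "patient-1001", "read", "198.51.100.7", "2015-06-01T14:02:11Z", True)
    append_event(trail, "frontdesk2", "patient-1001", "read", "198.51.100.9", "2015-06-01T14:05:40Z", False)
    append_event(trail, "pt_jones", "patient-1002", "update", "198.51.100.7", "2015-06-01T14:09:03Z", True)
    return trail
```

The chain alone does not reveal rows cut from the end of the trail; keeping a copy of the latest hash in a separate system covers that case.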
5. Specialized staff
Great customer service reps are hard to find, but when it comes to protecting your patients’ protected health information (PHI), the search is crucial. That’s why awesome EMR vendors take the time to hire and train staff who are well-versed in online security measures and at the ready to provide you with their expertise.
6. Data centers
To ensure HIPAA compliance, the best EMRs house all their—and thus, your—data at state-of-the-art data centers. These data centers must possess bank-level security and supreme encryption methods that render data unreadable—even if hackers somehow get to it. WebPT, for example, stores all of its data at IO Data Center, a Tier III-Certified facility that provides multiple layers of access control, including a defensible perimeter, video surveillance, biometric screening, and round-the-clock security guards.
Often, the victims of medical identity theft remain unaware of the crime for months—or even years. Upon discovery, victims usually have a difficult time determining how it happened, and they often struggle to undo the damage. Make sure your patients don’t fall victim to medical identity theft. Web-based physical therapy software vendors—specifically, those that built their systems from scratch with the Internet in mind—are your practice’s best defense against cyber attackers.