Data security: the 800-pound digital elephant in the room for physicians

February 10, 2017

As you read this, someone somewhere is gaining unlawful entry to hundreds, possibly thousands, of patient records. And it could well be your patients’ data.

Small, independent medical practices have enough to worry about on a daily basis, what with balancing the dual responsibilities of improving patients’ well-being and keeping a keen eye on their bottom line. It’s not easy. This pressure is driving many of your peers to give up their private practices, and in some cases practicing medicine altogether.

But the fact is, if you want to remain in business, you have to protect the most important resource you have: patients. And in this day and age, that includes safeguarding the gold mine of information you have about the individuals who trust you for their care. 

I’ve heard from numerous physicians who feel they have nothing of value for hackers and cyber-thieves to take. They are small potatoes next to the big hospitals and health systems with thousands upon thousands of names, dates of birth, Social Security numbers and payment information. But even small potatoes can feed a hungry hacker, and hackers count on the fact that you’ll let down your digital defenses thinking you have nothing of value.

You have the same information as the larger healthcare entities in your area and, no offense, your gateway to that data is likely less protected than the hospitals’. Even if your defenses are strong (as you can read in George Ellis’ account of his practice’s breach on page 19), you are still a desirable target for those looking for access to others’ information for their own personal gains.

So how, as a small practice, do you protect your patients’ data? If you can outsource your IT security, great. Do it and save yourself time and sanity. There are many great companies who can help you protect patient and practice information and avoid a costly breach (costly both in terms of possible government fines and the PR hit your practice will take when patients find out their personal information is now readily available on the internet).

If you can’t outsource, or simply would rather keep this function in-house, that’s fine too. From ensuring you utilize a secure, password-protected network to installing anti-malware protections on the devices your practice uses, there are plenty of low-cost ways to ensure better data security.

And make data security a priority. Remind staff of policies and procedures regarding the use of technology (devices belonging to the practice and any of their own) now rather than after a breach has occurred.

I know data security is yet another concern on top of the growing mountain of tasks you deal with every day as a private-practice physician. I know it is another “cost” in time, money and energy for you and your staff. I know it seems daunting. But the fact is, like most things in medicine, if left unaddressed, a small issue can quickly turn into a large crisis.

Keith L. Martin is editorial director of Medical Economics. How are you protecting your patients’ data? Tell us at medec@ubm.com.