3 Tips for Minimizing Your Medical Practice’s Cybercrime Risks

August 1, 2017 by Antonio Arias, MBA, CHBME

Topics: Meaningful Use Stage 2, Practice Management, Medical Billing Company

Security-, privacy-, and cybercrime-related concerns are especially problematic for medical practices. In the event of a breach or data theft, it’s not just the healthcare organization that gets affected – it’s potentially every one of their patients (not to mention their business partners, contractors, employees, and so on).

Protecting your patients’ personal data is just as important as protecting their health, but new findings suggest practices are better at the latter than the former. The most recent Benchmark Study on Privacy & Security of Healthcare Data by the Ponemon Institute found that the healthcare industry remains "negligent in the handling of patient information."

With that negligence comes an undue level of cybercrime risk, along with all of the legal and regulatory consequences that can follow a breach. Regularly revisiting your cybercrime protections helps maintain your practice’s financial well-being by keeping fines, fees, and penalties off your radar. Here are three quick tips on maintaining strong protections.

Stay Up-to-Date With All of Your Systems

The technological risks facing medical groups evolve so rapidly that legacy hardware and software can’t keep up. How old are your practice management and EHR solutions? Do they require regular updates (which can fall by the wayside in busy times)? Are they server-bound (and thus more easily compromised) or cloud-based? Make sure you monitor how well-equipped your systems are to provide an appropriate baseline of security.

Deploy Technical Controls & Education

Once you have security-smart solutions in place, the next trick is not to trust them! Work with an IT partner to implement ancillary technical controls that will make your existing security measures more robust. Protections should include firewalls, desktop antivirus software, antivirus software on email servers, antivirus and anti-malware protection on employee inboxes, and content filtering for the Internet and email. From there, make sure your staff is educated on the risks of failing to follow your IT measures and policies.

Create or Update Your Device Policy

Are laptops and smartphones used to access your patients’ personal health information (PHI)? Especially if they’re used outside the office, you face the risk of those devices being stolen and your patients’ data being compromised. Make sure you have procedures in place to ensure that electronic PHI (ePHI) is encrypted on mobile devices, and that all laptops that connect to PHI-laden networks are regularly updated with virus-protection software and the appropriate personal firewalls.
