How to Protect Medical Data & Plan for Disaster

Thursday, May 30, 2019, 6:00 AM | Leave Comment

Medical establishments must understand going in that a patient’s private data should never be compromised or lost under any circumstances.

There are many reasons data can vanish, whether it be a computer hacker, a dying hard drive, or the destruction of records by an untrained employee.

Because of these potential hazards, it is essential that you have proper security protocols and recovery plans ready to roll.

If a breach were to occur, you and your team need to know exactly what to do to limit the damage.

Heed these security tips and keep the trust of your patients a top priority.


  • Create a Disaster Recovery Plan

    Medical administrators and IT departments never want to experience a major data disaster, but anticipating such a catastrophe and having a plan to fix it is a must. An effective recovery plan is key, and its details must include the steps needed to get all processes back up and running at full capacity. Begin by having a risk assessment done by a cybersecurity consultant.

    This expert will come into your office and look at your processes to determine whether they are as secure as they need to be. Medical offices share information with various businesses on a daily basis. Is this information shared securely, or are there holes in the process? The consultant can also look at your computers and filing systems to ensure that employees are properly using and transferring data.

    Now that you know it could happen, how are you prepared to react if the risk becomes a reality? Your recovery plan should spell out, step by step, what each individual will do to fix the issue. Make sure you are fully staffed, as cutting costs and resources can only cause additional problems. The plan should also document all of the backup systems you have in place and how to access them if there is a data breach. It goes without saying that when it comes to sensitive, private information, backup systems and plans for recovering that data are essential.

  • Follow Proper HIPAA Shredding Procedures

    All medical offices are familiar with the Health Insurance Portability and Accountability Act and its role in the protection of patient information. When it comes to giving patients the protection they deserve, HIPAA provides regulations for how to handle and secure data, as well as how to dispose of the data once the time comes. Neglecting to do so could result in significant fines, in addition to a future lack of trust from your patients. In short, all patient information should be properly shredded.

    Before disposing of patient records, your office must first keep the paperwork on file for a predetermined amount of time. Your state laws may differ on the retention time, but at a minimum, HIPAA requires that the information stay intact for six years after the date of its last use.

    As for what is considered private information that must be shredded, the list basically includes anything specific to the patient:

    • Names

    • Dates

    • Phone numbers

    • Social Security numbers

    • Vehicle identifiers

    • Internet protocol address information

    • Photographs

    • Email addresses

    • Account numbers

    When it comes to the actual shredding, the office shredder is not adequate. Instead, HIPAA-compliant shredding services are required, and these services are usually available off-site. Such companies can either come to your office with a truck equipped with an industrial shredder or the company will take the documents back to their building for shredding. In either case, the shredding bins are locked and secured, and after the shredding is complete, you will receive a certificate of destruction that your office can use for record keeping or in the case of a legal dispute.

  • Securing Digital Information

    As technology continues to advance, processes are evolving. Medical charts written on clipboards are becoming a thing of the past, with practices now turning to electronic health records to inform personnel of what is ailing a patient and the next steps that need to be taken. Data can also be used to fuel machine learning applications in medical devices, a driving force in medical innovation.

    However, with digital filing and wearable technology comes the risk of data breaches, so proper security is a must. In a lot of cases, keeping medical data safe and secure begins with educating employees. For instance, when looking through emails from patients and other offices, employees must be aware of phishing scams that use lookalike sender addresses that often look like the real deal, or malicious links that can lead to a virus.

    Another common mistake is weak passwords. Inform office administrators that a proper password involves a combination of letters, numbers, and special characters, and that it should not include their own name or the name of your practice.
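    The password rule above is easy to enforce automatically when staff set or change a password. The following checker is an added example, not code from the article; the 12-character minimum and the check against common letter substitutions (such as "@" for "a" or "1" for "i") are assumptions layered on top of the article's rule.

```python
import re

# Constructed substitution table: common digit/symbol stand-ins mapped back to letters
_SUBSTITUTIONS = str.maketrans("@$013!", "asolei")


def password_policy_violations(password, user_name, practice_name, min_length=12):
    """Return a list of policy violations; an empty list means the password passes.

    Rules from the article: letters, digits and special characters are all
    required, and the password must not contain the employee's name or the
    practice name. Assumed additions for this example: a minimum length, and
    the name check also runs against a de-substituted copy of the password
    so that "M@ryS1mpson" is still caught as containing "Mary".
    """
    violations = []
    if len(password) < min_length:
        violations.append(f"shorter than {min_length} characters")
    if not re.search(r"[A-Za-z]", password):
        violations.append("no letters")
    if not re.search(r"\d", password):
        violations.append("no digits")
    if not re.search(r"[^A-Za-z0-9]", password):
        violations.append("no special characters")

    lowered = password.lower()
    normalized = lowered.translate(_SUBSTITUTIONS)
    for label, name in (("user name", user_name), ("practice name", practice_name)):
        # Every word of four or more letters in the name counts as a forbidden fragment
        for part in re.findall(r"[A-Za-z]{4,}", name):
            fragment = part.lower()
            if fragment in lowered or fragment in normalized:
                violations.append(f"contains part of {label}: {part}")
                break
    return violations


if __name__ == "__main__":
    # Constructed sample: an employee of a fictional practice picks a weak password
    for candidate in ("M@ryS1mpson2024!", "riverside1", "correct-Horse7!battery"):
        result = password_policy_violations(candidate, "Mary Simpson", "Riverside Family Clinic")
        print(candidate, "->", result or "OK")
```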

    A well-informed and properly prepared IT department is a must in any industry — especially the medical arena. This team should have backups in place so data can be recovered if it is lost or stolen. They should also run antivirus software that updates regularly to keep pace with new threats. Finally, all sensitive data should be properly encrypted, with the keys accessible only to authorized personnel.

In order to have a successful medical practice, patients must be able to trust doctors with their personal information. Practicing proper data security and planning for potential disasters will go a long way toward keeping that trust.
