Take Information Security Home

Safeguarding your patients’ protected health information (PHI) is a critical part of your everyday routine. What about when you leave the office? Your healthcare, financial, and other personal information require thoughtful handling, too.

As reported in the Becker’s Hospital Review in February 2019, an individual’s healthcare record can sell for up to $1,000 on the dark web. However, a social security number is $1.00, and a credit card profile is a mere $110 (read further). The dark web is the internet’s version of the black market. Most of the time you see thousands or millions of records for sale in bulk for extraordinary prices. A record that contains healthcare information is much more valuable because it can contain or easily lead to the discovery of financial and other personal information about that individual or his/her family members. It is nearly a complete package of an individual’s life.

How can you protect your information? Here are a few tips that are easy to incorporate into your daily routine and only need to be set up once.

Avoid “dumpster divers” and shred this information instead of throwing them in the trash.

• Prescription labels
• Visit summaries from doctors’ visits
• Credit card offers
• Expired credit and debit cards
• Old checks, invoices, and tax returns

File information like this in a locked drawer.

• Checkbooks, invoices, and current tax returns
• Active credit and debit cards and PINs
• Social security cards, insurance cards, passports, and birth certificates

Never write down or keep passwords, account numbers or social security numbers in an electronic file like Word or Excel. Instead, use a password manager/generator. This will help you create long “passphrases” rather than short complex passwords.

• Never store sensitive information on a portable device like a USB drive or CD ROM. Use a password to protect your mobile devices
• If you use your laptop or tablet at a coffee shop or other public place, be sure to sit where others cannot see your screen and “shoulder surf.” A shoulder surfer is a person who stands behind you and watches your screen hoping to see credit card information, passwords, and usernames you type on your keyboard.
• Turn off the Bluetooth signal on your cell phone, tablet, and laptop when not in use. Check your wi-fi connection to ensure you are connected to a known network.

Ensure your cell phone, tablet, and laptop have the most current software update from the manufacturer. This can provide the best defense against current malware and other vulnerabilities.

Never leave laptops, tablets, or other electronics in your car or on a table in a public place. Many breaches occur because of laptop or device theft.

Use a trusted cloud provider system like iCloud, OneDrive, DropBox, etc., to store sensitive files. This can provide an extra layer of security. An alternative to this is to password protect folders and files.

To password protect a folder, right-click on the folder, choose “Properties” and select the “Security” tab to apply access restrictions.

To password protect a file (e.g. Word) choose the “Review” section on the ribbon and click on “Restrict Editing.” You can require a password to open the document as well as a password to edit the contents.

This all does sound like a lot but taking a few minutes for set up can save you a lot of headache and money in the future.

Here are some resources to help you along the way:

• The National Institute of Standards and Technology (NIST), who has also provided the guidelines on safeguarding PHI in the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Security Rule, posted a blog that contains a guide to building a better password on its website.
• Find a location near you to shred documents and destroy old electronics like laptops, cell phones, and USB drives. UPS, Staples, Office Depot and similar places offer this for a nominal fee.
• You can purchase your own shredder. Shredders can be purchased on Amazon for as little as $20. Be sure to choose a micro-cut or cross-cut model.
• To find a reputable password manager, you can visit PC Magazine’s website for comparison The Best Password Managers for 2019

If you would like more information on this very important information, consider signing up for our newsletter to stay on top of the latest news in HIPAA compliance.